Misconfigurations
Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, and the such to gain unauthorised access or knowledge of the system. Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server, application server, index and indexer, frameworks, custom code, and pre-installed virtual machines, containers, or storage. The attack exploits such configuration weaknesses found. Many applications come with unnecessary and unsafe features that may provide the means for a hacker to bypass authentication methods and gain access to sensitive information, perhaps with elevated privileges.
Misconfigured Hadoop YARN components allowed distributed denial-of-service (DDoS) bots on Hadoop servers in 2018 (New DemonBot Discovered, Pascal Geenens, October 2018). Servers with Hadoop, an open source distributed processing framework that manages storage and data processing for big data applications running in clustered systems, are generally stable, as well as resource rich, and so would serve well in a malicious attack.
Misconfigured ElasticSearch servers are the unwelcome gift that keeps on giving. Also in 2018, a 73 GB data breach was discovered during a regular security audit of publicly available servers with the Shodan search engine (New Data Breach exposes 57 million records, Hacken Proof, November 2018). They found at least 3 IPs with identical ElasticSearch clusters misconfigured for public access.
In 2019, a developer error resulted in a misconfigured AWS ElasticSearch server containing tens of GB of data including customer names, contact details, and case details for customer support (Rubrik Data Leak is Another Cloud Misconfiguration Horror Story, Kelly Sheridan, January 2019).