Contents:
A new report shows how cloud misconfiguration could lead to critical data exposure of an organization. Researchers revealed that misconfigured Kafdrop instances, Kafdrop being the Apache Kafkas’s management interface, led to the exposure of sensitive cloud data related to many big companies worldwide.
The Misconfigured Kafdrop Instances: More Details
Kafdrop is basically the Apache Kakfkas’ management interface, a platform both cloud-native and open-source that has the role of data streams collection, analysis, storage, and management. Over 60% of the Fortune 100 enterprises use Kafka nowadays. Besides, this service is also used by eight of 10 of the biggest banks worldwide along with the 10 biggest insurance enterprises at a global level and also 8 of the 10 most important telecom providers make use of Kafka.
That is why a vulnerable management tool represents the perfect target for cybercriminals permitting them to perform actions like network infiltration and data exfiltration eventually, as the Spectral researchers, who published a report on this topic, underline.
Thus, the well-known open-source user interface dubbed Kafdrop became a target. It’s interesting to mention here that Kafdrop is possible to be deployed as a Docker container. Through this interface, current Kafka clusters are mapped and connected automatically. This will permit users to do several activities, like, the researchers describe:
With Kafdrop, you can manage topic creation and removal, as well as understand the topology and layout of a cluster,drilling into hosts, topics, partitions, and consumers. It also allows you to sample and download live data from all topics and partitions, acting as a legitimate Kafka consumer.
In their report, the Spectral researchers also revealed that they identified various misconfigured Kafdrop instances that led to Kafka clusters being publicly exposed.
What Data Exposed the Apache Kafka Cloud Clusters?
According to the report mentioned above, the data that the clusters exposed was related to:
- Customer data
- Transactions
- Internal system traffic that includes access details like secrets or authentication tokens.
These clusters expose customer data, transactions, medical records, and internal system traffic: providing an inside look into the complete nervous system, all public. (…) We found exposed clusters from companies across a multitude of industries, including insurance, healthcare, IoT, media, and social networks. (…) Also exposed was real-time traffic revealing secrets, authentication tokens, and other access details that allow hackers to infiltrate the companies’ cloud activities on AWS, IBM, Oracle, and others.
What Would be the Impact on the Affected Companies?
The researchers under discussion have warned about possible attack outcomes due to the impact these misconfigured Kafdrop instances have on the enterprises such as that critical data can be compromised and stolen, data sources and Kafka topics could be deleted resulting thus in denial-of-service (DoS) attacks or transactional and log information like financial data or internal databases might be exposed.
They also said that if crafted messages are injected into Kafka this could lead to hackers having access to other corporate network areas or it might lead to non-compliance issues for the affected organizations.
Recommended Mitigation Measures
Researchers advise that Kafdrop needs to be redeployed and this redeployment action needs to happen behind an app module that owns an authentication module that is both active and configured. Companies should also understand and analyze the risk supply chain vulnerabilities pose to an organization’s security, information in transit or at rest should be always encrypted, and in-depth misconfigurations scanning is necessary for exposed Kafka clusters detection.
Did you enjoy this article? Follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!