Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Botnets have been silently mass-scanning the internet for unsecured ENV files

November 21, 2020
in Internet Security
Botnets have been silently mass-scanning the internet for unsecured ENV files
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Drawing little attention to themselves, multiple threat actors have spent the past two-three years mass-scanning the internet for ENV files that have been accidentally uploaded and left exposed on web servers.

ENV files, or environment files, are a type of configuration files that are usually used by development tools.

You might also like

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

Google Project Zero testing 30-day grace period on bug details to boost user patching

Cyberattack on UK university knocks out online learning, Teams and Zoom

Frameworks like Docker, Node.js, Symfony, and Django use ENV files to store environment variables, such as API tokens, passwords, and database logins.

Due to the nature of the data they hold, ENV files should always be stored in protected folders.

“I’d imagine a botnet is scanning for these files to find API tokens that will allow the attacker to interact with databases like Firebase, or AWS instances, etc.,” Daniel Bunce, Principal Security Analyst for SecurityJoes, told ZDNet.

“If an attacker is able to get access to private API keys, they can abuse the software,” Bunce added.

More than 1,100 ENV scanners active this month alone

Application developers have often received warnings about malicious botnets scanning for GIT configuration files or for SSH private keys that have been accidentally uploaded online, but scans for ENV files have been just as common as the first two.

More than 2,800 different IP addresses have been used to scan for ENV files over the past three years, with more than 1,100 scanners being active over the past month, according to security firm Greynoise.

Similar scans have also been recorded by threat intelligence firm Bad Packets, which has been tracking the most common scanned ENV file paths on Twitter for the past year.

185.234.218.174 (🇵🇱) is mass scanning the internet for these paths:
/admin-app/.env
/api/.env
/app/.env
/apps/.env
/back/.env
/core/.env
/cp/.env
/development/.env
/docker/.env
/fedex/.env
/local/.env
/private/.env
/rest/.env
/shared/.env
/sources/.env
/system/.env
. . . pic.twitter.com/vIBDk7Wbnl

— Bad Packets (@bad_packets) February 19, 2020

Threat actors who identify ENV files will end up downloading the file, extracting any sensitive credentials, and then breaching a company’s backend infrastructure.

The end goal of these subsequent attacks can be anything from the theft of intellectual property and business secrets, to ransomware attacks, or to the installation of hidden crypto-mining malware.

Developers are advised to test and see if their apps’ ENV files are accessible online and then secure any ENV file that was accidentally exposed. For exposed ENV files, changing all tokens and passwords is also a must.


Credit: Zdnet

Previous Post

SiMa.ai Adopts Arm Technology to Deliver a Purpose-built Heterogeneous Machine Learning Compute Platform for the Embedded Edge

Next Post

Role Of AI And Machine Learning In Logistics Industry

Related Posts

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
Cyberattack on UK university knocks out online learning, Teams and Zoom
Internet Security

Cyberattack on UK university knocks out online learning, Teams and Zoom

April 17, 2021
Google backs new security standard for smartphone VPN apps
Internet Security

Google backs new security standard for smartphone VPN apps

April 16, 2021
Mozilla to start disabling FTP next week with removal set for Firefox 90
Internet Security

Mozilla to start disabling FTP next week with removal set for Firefox 90

April 16, 2021
Next Post
Role Of AI And Machine Learning In Logistics Industry

Role Of AI And Machine Learning In Logistics Industry

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

ML Scaling Requires Upgraded Data Management Plan
Machine Learning

ML Scaling Requires Upgraded Data Management Plan

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Machine learning can be your best bet to transform your career
Machine Learning

Machine learning can be your best bet to transform your career

April 17, 2021
AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021
Neural Networks

AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021

April 17, 2021
Monitor Your SEO Placement with SEObase
Learn to Code

Monitor Your SEO Placement with SEObase

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • ML Scaling Requires Upgraded Data Management Plan April 17, 2021
  • SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack April 17, 2021
  • Machine learning can be your best bet to transform your career April 17, 2021
  • AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021 April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates