CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Vulnerable Jupyter Servers Targeted for Sports Piracy

Misconfigured instances of JupyterLab and Jupyter Notebook have been targeted by threat actors for sports stream ripping.

Misconfigured data science environments have been targeted by threat actors for sports stream ripping, according to cloud security firm Aqua Security.

Honeypots operated by the company showed that cybercriminals are targeting misconfigured JupyterLab and Jupyter Notebook applications, which are web-based development environments for notebooks, code, and data.

Aqua Security believes that Jupyter solutions are typically used for data science by individuals who may lack awareness of common misconfigurations that can leave servers vulnerable to hackers. 

Shodan shows roughly 15,000 internet-exposed Jupyter servers and approximately 1% of them — including ones belonging to individuals and companies — allow remote code execution. 

In the attacks observed by Aqua Security’s researchers, threat actors gained access to unprotected Jupyter servers. They updated the compromised server and then downloaded a tool called FFmpeg, which allows users to record, edit and stream audio and video.

The threat actor abused FFmpeg and the compromised server to capture live streams of sporting events and redirected the streams to their own servers. 

Illegally broadcasting the streams on their own channels enables threat actors to make a profit through advertising revenue, while causing significant revenue loss for the legitimate broadcaster.

Assaf Morag, threat intelligence director of Aqua Security’s Aqua Nautilus Team, told SecurityWeek that the attack is similar to cryptojacking and DDoS attacks. 

Advertisement. Scroll to continue reading.

In this case, the hijacked Jupyter server is used as an intermediary between a legitimate streaming service and the attacker’s broadcast. The compromised server is abused for its resources and to help the attacker hide their identity. 

“This straightforward attack is easy to overlook,” Morag explained in a blog post describing the attack. “While the immediate impact on organizations might appear minimal (though it significantly affects the entertainment industry), it could be dismissed as merely a nuisance.”

“However, it’s crucial to remember that the attackers gained access to a server intended for data analysis, which could have serious consequences for any organization’s operations. Potential risks include denial of service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments and, in the worst-case scenario, substantial financial and reputational damage,” he added. 

Related: Stealthy ‘Perfctl’ Malware Infects Thousands of Linux Servers

Related: Researchers Find Python-Based Ransomware Targeting Jupyter Notebook Web Apps

Related: New ‘Hadooken’ Linux Malware Targets WebLogic Servers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.