Updated on 2022-09-01 GMT+08:00

Exploits

Overview

A vulnerability is a weakness that can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. Attackers exploit vulnerabilities to obtain rights, steal sensitive data, or sabotage software and hardware systems.

SA can detect two types of exploits. Only the professional edition supports exploit detection, and it can detect both types. The basic and standard editions do not support exploit detection.

Suggestion

If an exploit is detected, handle the threat by following the instructions in Table 1.

Table 1 Suggestions for handling exploits

| Threat Alarm | Severity | Threat Description | Suggestion |
|---|---|---|---|
| MySQL exploit | Low | SA has detected that an ECS instance is being attacked through a MySQL vulnerability. | The main cause of the attack is that the MySQL service is enabled on the public network for the ECS instance. Therefore, you are advised to perform the following operations: 1. Configure security group rules to forbid public network access to the MySQL service. 2. Unbind the ELB, and disable public network access to the MySQL service. |
| Redis exploit | Low | SA has detected that an ECS instance is being attacked through a Redis vulnerability. | The main cause of the attack is that the Redis service is enabled on the public network for the ECS instance. Therefore, you are advised to perform the following operations: 1. Configure security group rules to forbid public network access to the Redis service. 2. Unbind the ELB, and disable public network access to the Redis service. |
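
One way to check the security group rules that the suggestions in Table 1 refer to, as an added example that is not part of the original page or of SA. The rule fields (`id`, `direction`, `protocol`, `port_min`, `port_max`, `source`) are an assumed, simplified schema rather than the cloud API's own, and the ports are the services' defaults (MySQL 3306, Redis 6379).

```python
import ipaddress

# Default listening ports; change these if the services run on custom ports.
SERVICE_PORTS = {"MySQL": 3306, "Redis": 6379}

# Address ranges that are not reachable from the public network.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_public_source(cidr):
    """True unless the source range lies wholly inside internal address space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_services(rules):
    """Return (rule id, service, port) for inbound TCP rules open to public sources."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress":
            continue
        if rule.get("protocol") not in (None, "tcp"):   # None = all protocols
            continue
        if not is_public_source(rule.get("source") or "0.0.0.0/0"):  # None = any source
            continue
        low = rule.get("port_min") or 1                 # None = all ports
        high = rule.get("port_max") or 65535
        for service, port in SERVICE_PORTS.items():
            if low <= port <= high:
                findings.append((rule["id"], service, port))
    return findings

# Constructed sample rules (assumed schema), not exported from a real security group.
SAMPLE_RULES = [
    {"id": "rule-1", "direction": "ingress", "protocol": "tcp", "port_min": 3306, "port_max": 3306, "source": "0.0.0.0/0"},
    {"id": "rule-2", "direction": "ingress", "protocol": "tcp", "port_min": 6379, "port_max": 6379, "source": "10.0.0.0/8"},
    {"id": "rule-3", "direction": "ingress", "protocol": "tcp", "port_min": 6000, "port_max": 7000, "source": "::/0"},
    {"id": "rule-4", "direction": "egress", "protocol": "tcp", "port_min": 3306, "port_max": 3306, "source": "0.0.0.0/0"},
    {"id": "rule-5", "direction": "ingress", "protocol": None, "port_min": None, "port_max": None, "source": "203.0.113.0/24"},
    {"id": "rule-6", "direction": "ingress", "protocol": "udp", "port_min": 3306, "port_max": 3306, "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule_id, service, port in exposed_services(SAMPLE_RULES):
        print(f"{rule_id}: {service} port {port} is reachable from the public network")
```

Rules that cover the port only through a wide range or an all-protocol entry are reported too, since they expose the service just as a dedicated rule does.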