Reading:
Selenium Greed: ongoing cyber attack targets exposed Selenium Grid services
What daily testing task would you want AI to improve or solve?

Selenium Greed: ongoing cyber attack targets exposed Selenium Grid services

Ongoing cyber attack targets exposed Selenium Grid services, enabling unsolicited Crypto mining.

A new security flaw was identified this week in Selenium Grid, a widely-used tool by software testers for running tests concurrently across various browsers and environments. This breach has sparked major worries among testers regarding the safety and dependability of their testing setups.

So what? The IP address in question is said to belong to a legitimate service that has been compromised by the threat actor, as it has also been found to host a publicly exposed Selenium Grid instance.

  • Exactly who is behind the attack campaign is currently not known despite all the Korea rumours flying around. 
  • However, it involves the threat actor targeting publicly exposed instances of Selenium Grid and making use of the WebDriver API to run Python code responsible for downloading and running an XMRig miner  (for Monero mainly)
  • The cloud security company Wiz has named the ongoing activity SeleniumGreed (love it) and is monitoring it closely
  • This hack campaign is directed at older versions of Selenium (3.141.59 and earlier) and is thought to have been active since at least April 2023
  • For anyone now panicking to change their verison, there are also some other guides below

Why bother? Software testers widely use Selenium Grid to guarantee cross-browser compatibility and efficient parallel test execution. Since authentication is not enabled by default, many publicly accessible instances of this service are misconfigured, leaving them vulnerable to unauthorised access and malicious exploitation. A security breach in this tool could pose major risks;

Compromised Test Data: Unauthorised access to test data might expose sensitive information
Manipulated Test Results: Attackers could modify test outcomes, undermining the reliability of the results
Service Disruptions: Exploiting this flaw could disrupt the testing pipeline, causing delays in the development workflow

What's more…Through vigilance and the implementation of certain measures, software testers can securely and reliably use Selenium Grid in their testing environments. But we need to remember:

  • Safeguard: Maintain and protect your testing environment; ensure your tools are up-to-date
  • Stay Informed: Keep updated with the latest security advisories and updates for testing tools
  • Regular Audits: Perform frequent security audits on your testing infrastructure
  • Incident Response Plan: Create and sustain a strong incident response plan to promptly handle any security breaches

Resources

Aj Wilson
Aj Wilson
Tester
Scottish Mortal Kombat champion
Comments
What daily testing task would you want AI to improve or solve?
Explore MoT
Pre-TestBash meetup by the beach image
Wed, 11 Sep
Keysight are the proud sponsors of our pre-TestBash meetup by the beach
MoT Intermediate Certificate in Test Automation
Elevate to senior test automation roles with mastery in automated checks, insightful reporting, and framework maintenance
This Week in Testing
Debrief the week in Testing via a community radio show hosted by Simon Tomes and members of the community