Researchers from CyberNews discovered that over 29,000 databases across the world are now totally inaccessible and publicly available, exposing over 19,000 terabytes of data to everyone, including threat actors.
The majority of businesses keep confidential data in databases. Passwords, usernames, document scans, health records, bank account, and credit card information, and other vital information are all easily searchable and stored in one location.
To steal all that valuable data, attackers don't always need to hack them: one of the most common causes of a breach is databases that have been left unsecured, allowing anyone to access the data without a username or password. Hundreds of millions of people's personal information can (and often does) become exposed on the internet as a result of database security flaws, allowing threat actors to exploit that data for a variety of malicious purposes, including phishing and other forms of social engineering attacks, as well as identity theft.
According to CyberNews, hundreds of thousands of database servers are still open to everyone, with more than 29,000 insecure databases exposing nearly 19 petabytes of data to hacking, tampering, deletion, and other threats.
The fact that tens of thousands of open databases have data exposed is nothing new. Indeed, cybercriminals are so aware of this that a vulnerable database can be identified and targeted by threat actors in only a few hours.
After years of huge data breaches, ransom requests, and even crippling data wipeouts by feline hackers (meow), one would think database owners would be aware of the issue and, at the very least, ask for a username and password before letting someone in.
To conduct the investigation, CyberNews used a specialized search engine to look for open databases for Hadoop, MongoDB, and Elasticsearch, three of the most common database types. As a result, the true number of unprotected databases and the volume of data exposed is undoubtedly much higher than they discovered.
According to the results found, there are at least 29,219 vulnerable Elasticsearch, Hadoop, and MongoDB databases are let out in the open.
Hadoop clusters outnumber the competition in terms of exposed data, with nearly 19 petabytes available to threat actors who could put millions, if not billions, of users at risk with a single click.
Elasticsearch leads the pack in terms of exposed databases, with 19,814 instances without any kind of authentication, placing more than 14 terabytes of data at risk of being hacked or held hostage by ransomware gangs.
MongoDB appears to do much better than others in terms of terabytes, but the 8,946 unprotected instances demonstrate that thousands of organizations and individuals who use MongoDB to store and handle their data still have a long way to go in terms of basic database security.
Unknown cyber criminals conducted a series of so-called "Meow" attacks in 2020, wiping all data from thousands of unsecured databases without explanation or even a ransom demand, leaving shocked owners with nothing but an empty folder and files labeled "meow" as the attacker's signature. It was found that 59 databases hit by the ‘Meow’ attacks a year ago are still unprotected and collectively leaving 12.5GB of data exposed.
According to CyberNews security researcher Mantas Sasnauskas, this only goes to show that raising awareness about exposed and publicly accessible databases is as important as ever.
“Anyone can look for these unprotected clusters by using IoT search engines to effortlessly identify those that don’t have authentication enabled and exploit them by stealing the data, holding them ransom, or, as was the case with the ‘Meow’ attack, simply destroy valuable information for fun, wiping billions of records and crippling both business and personal projects in the process.”
Databases are used by businesses of all sizes to store customer and employee records, financial details, and other confidential information. Databases are often operated by administrators who lack security training, making them an easy target for malicious actors.
The owner of a database can take certain steps to protect the database from unwanted visitors like:
1.Authentication should be activated so that no one can access your database without the correct credentials or ssh key.
2.One must not use the default password – threat actors scour the internet for publicly available databases with default passwords allowed and target them on the spot.
3.Maintain the latest version of your database program.