MongoDB attacks leave thousands asking: “Is my database secure?” | High-Tech Bridge Security Blog

It’s been a busy 2017 already, especially for hackers exploiting poorly-implemented database security. In late 2016 a trickle of MongoDB servers were being attacked, wiped and ransomed, but the new year has caused that number to rocket over the last few days alone, jumping from 10,500 to more than 28,200.

Initially the attacks were conducted by one group, dubbed Harak1r1, but it’s now thought that twelve groups are engaged in launching attacks on unsecured MongoDB databases, including a professional ransomware group known as Kraken. Figures from security researchers Niall Merrigan, a solutions architect for consulting giant Cap Gemini, and Victor Gevers, co-founder of the GDI Foundation, imply that roughly 25 per cent of all internet-connected MongoDB databases have been compromised so far. There seem to be a few left though:

It’s not particularly clear that the deleted data is actually being copied by the attackers. Gevers says that he’s identified 84 examples of servers that have been wiped and left with a ransom note, but have “no trace of data exfiltration”. As security researcher Graham Cluley clarified on his blog: “Data has definitely been wiped – we know that. And ransom demands for its safe return have been made. What we don’t know is whether it’s actually true that data has been stolen. That would, after all, be a lot of data to steal from many different systems. It’s possible that the attackers are just taking a punt with their ransom demand… but don’t actually have the data to return.”

The open source MongoDB has come under fire before: misconfigured MongoDB databases have exposed user password data and other sensitive information in the past, most memorably when 13 million MacKeeper users were exposed by the issue in 2015.

The current ‘hack’ relies on admins installing MongoDB with default settings, which leave the resulting server open for anyone to browse the databases, download them, or even overwrite and delete them.

So what can you do about it? Well, if you’re running a MongoDB server and aren’t sure if you have secured it, Gevers advises following MongoDB’s security recommendations (which are here), or at the very least blocking port 27017 on your firewall or configuring MongoDB to listen only to 127.0.0.1 in /etc/mongodb.conf, and then restarting the database. On a broader note, you could also test your webserver security with High-Tech Bridge’s free websec tool – here’s MongoDB, for example, getting an ‘F’ rating for security.
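The listen-only-on-127.0.0.1 advice above can be checked mechanically. The following is an added example, not code from this post or from MongoDB: it audits the text of a mongod config file in either the legacy `key = value` format or the YAML format, and also checks that authentication is switched on. The function names and the sample configs are constructed for illustration, and the YAML handling assumes simple nested `key: value` sections only.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_mongod_conf(text):
    """Flatten a mongod config (legacy key=value or simple nested YAML) to dotted keys."""
    settings, stack = {}, []              # stack: (indent, key) of open YAML sections
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.]+)\s*(=|:)\s*(.*)$", raw.split("#", 1)[0].rstrip())
        if not m:
            continue                      # blank line, comment, or unsupported syntax
        indent, key, sep, value = len(m.group(1)), m.group(2), m.group(3), m.group(4)
        if sep == "=":                    # legacy format: flat key = value
            settings[key] = value
            continue
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave YAML sections we are no longer inside
        if value:
            settings[".".join([k for _, k in stack] + [key])] = value.strip("\"'")
        else:
            stack.append((indent, key))
    return settings

def audit(text):
    """Return a list of findings; an empty list means loopback-only with auth on."""
    s, findings = parse_mongod_conf(text), []
    bind = s.get("bind_ip") or s.get("net.bindIp") or ""
    addrs = {a.strip() for a in bind.split(",") if a.strip()}
    if s.get("net.bindIpAll", "").lower() == "true":
        findings.append("bindIpAll is true: listens on every interface")
    elif not addrs:
        findings.append("no bind address set: default varies by version, set it explicitly")
    elif addrs - LOOPBACK:
        findings.append("listens beyond loopback: " + ", ".join(sorted(addrs - LOOPBACK)))
    auth_on = s.get("auth", "").lower() == "true" or s.get("security.authorization") == "enabled"
    if not auth_on:
        findings.append("authentication is not enabled")
    return findings

# Constructed sample configs (not taken from any real server).
EXPOSED_LEGACY = "dbpath = /var/lib/mongodb\nport = 27017\n"
EXPOSED_YAML = "net:\n  port: 27017\n  bindIp: 0.0.0.0   # all IPv4 interfaces\n"
HARDENED_LEGACY = "bind_ip = 127.0.0.1\nauth = true\n"
HARDENED_YAML = "net:\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"

if __name__ == "__main__":
    for name in ("EXPOSED_LEGACY", "EXPOSED_YAML", "HARDENED_LEGACY", "HARDENED_YAML"):
        print(name, "->", audit(globals()[name]) or "ok")
```

A non-loopback bind address is reported even when it is a private one, since in that case the firewall rule for port 27017 and the authentication setting are what stand between the database and other hosts.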

As Ilia Kolochenko, High-Tech Bridge CEO, has said: “Cybersecurity is not a rocket science as some people tend to think. The methodology of success involves identifying all of your digital assets, conducting a holistic and comprehensive risk assessment, mitigating those risks and then continuously monitoring for new risks, threats and vulnerabilities. By following this methodology any company deploying misconfigured MongoDB would have realised and rectified the mistake long ago…”
