Published: August 26, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
There’s a hacker out there who means what they say about ransomware attacks. In particular, this cybercriminal is targeting unsecured MongoDB databases and apparently, there’s no shortage of potential victims. Research by Comparitech revealed that unsecured databases are targeted by hackers at least eighteen times a day as long as they remain exposed. MongoDB is in good company with a growing list of public-facing database attacks, including those on Amazon S3 data buckets. Since 2016, MongoDBs have been in the crosshairs of hackers and continue to be vulnerable today. In 2017, the discovery of 60,000 exposed MongoDB’s has changed, but not much, with today’s count at 48,000 still exposed three years later.
For MongoDB’s, the vulnerable data is ransomed, followed by threats to delete the entire database within two days unless a ransom is paid. The threats are very real. The $140 ransom may seem to be a trivial amount, but hackers make up for that with a high volume of attacks that add up to big bucks. With low ransom demands, hackers believe they are more likely to be paid. For MongoDB attacks, ransom notes were sent to 22,900 users, or approximately 47% of all their online databases.
Not only should the MongoDB ransom notes be taken seriously, the hacker adds a new twist to the crime. They threaten to report the data leak to the local GDPR (General Data Protection Regulation) authority, a serious issue in the European Union (EU). The GDPR oversees and regulates corporate hacks in the EU, charging substantial fines and other sanctions to businesses who are reckless with their customer data. For MongoDB users, it’s clear the data is vulnerable when privacy settings are improperly configured to “public” instead of “private.” It’s simple enough to correct, but many MongoDB users are still totally unaware the problem even exists.
Unsecured databases are increasingly targeted by bad actors for a reason. The simple one is the sheer number of vulnerable databases out there that are easy to find and compromise. However, it doesn’t mean that a business is incapable of securing their data, but awareness of the problem is necessary to fix it. Checking default settings on a database before making it active can help avoid ransomware attacks like those on MongoDB’s. Many databases have the default setting as public, so for any business, verifying the settings are correct can be invaluable.
Even with default settings checked, many databases are left unprotected by password authentication or firewall protection, something hackers are always happy to find. The best advice to companies using MongoDB or other database solutions is to check every setting and to ensure the data isn’t vulnerable to hacking. There’s a MongoDB Security page available for users to consult for proper configuration guidance.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org