The hackers behind the MongoDB database hacking spree also threatened to inform GDPR officials if the ransom is not paid.
There are several database management systems out there, such as AWS, Oracle, MySQL, PostgreSQL, or MongoDB. Although these organizations try their best to keep their infrastructure secure, blunders on the users’ side can still result in data breaches.
That is what happened in a recent debacle: with the help of an automated script, a hacker scanned for misconfigured MongoDB databases and deleted all of their content (yes, all of it). In its place was a notice asking for a ransom of 0.015 Bitcoins, which is equivalent to $137.90 currently.
The targeted databases number about 22,900 and statistically make up 47% of all MongoDB databases that are hosted online. These include both staging databases used for testing and live production ones. The misconfiguration was that they were accessible without any password, which made it very easy for the attacker to breach them.
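As an added example (not from the article, and not MongoDB’s own documentation), here is a mongod.conf fragment showing the exposed pattern beside a hardened one; `net.bindIp` and `security.authorization` are real mongod options, while the private address and the admin user name are placeholders.

```yaml
# Added example: mongod.conf (YAML). The exposed pattern is kept as comments
# for comparison; the active keys below are the hardened settings.

# --- EXPOSED (what the wiped deployments looked like) ---
# net:
#   bindIp: 0.0.0.0            # listens on every interface, reachable from the internet
# security:
#   authorization: disabled    # anyone who can connect may read, modify or drop every database

# --- HARDENED ---
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private app-server address only (10.0.0.5 is a placeholder)
security:
  authorization: enabled       # every client must authenticate; roles limit what it may do

# Before enabling authorization, create an admin account from a local mongo shell, e.g.:
#   use admin
#   db.createUser({ user: "admin", pwd: passwordPrompt(), roles: [ "userAdminAnyDatabase" ] })
# ("admin" is a placeholder name; passwordPrompt() avoids putting the password in shell history.)
```

After restarting mongod, confirm from an outside host that port 27017 is unreachable and that an unauthenticated local connection is refused for any read or write.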
Here is the ransom note left by the hackers:
What further worsens the situation for all of these database owners is that the threat actor has also threatened to leak the data if the amount is not paid within 2 days, and to report the data breach to the relevant GDPR authority.
This can also have legal repercussions for such businesses apart from the fact that consumer trust and a great deal of their reputation may be lost.
As for where it all started, according to ZDNet, which spoke with security researcher Victor Gevers, these attacks have been observed since April, though not without their fair share of mistakes.
For example, the hackers were initially leaving the same note repeatedly on the same databases every few days; later they realized their mistake and actually started deleting the data.
To conclude, this is not the first time that MongoDB databases have come under fire. Numerous incidents have occurred before, including one 2 years ago in March 2018, when about 36 million records were leaked from unprotected servers, as we covered on HackRead.com.
In a conversation with Hackread.com, Raif Mehmet, Bitglass’ VP for EMEA region said that “Misconfigurations like this will continue to be a rampant issue as businesses continually fail to obtain visibility and control into all of their cloud footprints. Time and again, cloud misconfiguration issues allow servers to expose sensitive data that is not protected or encrypted, enabling unauthorized access and a host of other headaches for the enterprise and its data subjects.”
“To thwart ransomware attacks and mitigate their impact, all organizations need advanced threat protection – particularly during this era when more employees are working from home than ever before,” Mehmet suggested.
“Organizations should leverage security solutions that can identify and remediate both known and zero-day threats on any cloud application or service, and protect managed and unmanaged devices that access corporate resources and data.”
“This includes solutions that can automatically block malware in the cloud that is both at rest or in transit. Additionally, organizations must ensure adequate employee security training to identify phishing attempts and illegitimate emails as phishing is the primary vector for ransomware attacks,” Mehmet warned.
We will continue to cover such incidents in the future, but an important takeaway is due here. Small businesses usually assume that no attacker would bother with them, given the low theft potential they present and how finding them among so many others would be akin to finding a needle in a haystack.
However, this and previous incidents teach us that hackers can nonetheless catch millions of “minions” through automation and consolidate their gains to make it worthwhile. If you run a small business, here’s why it requires protection from cyber-attacks, why small businesses fall easy prey to hackers, and how to protect your business infrastructure from such attacks.