In total, 308,000 unsecured databases were found exposing sensitive assets worldwide of which around 90,000 databases have already been identified in the first quarter of 2022, a dramatically higher number than last year.
In July 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. Now, the IT security researchers at Group-IB have revealed startling figures about the surge in exposed databases.
Cybersecurity firm Group-IB’s Attack Surface Management team confirmed identifying 308,000 exposed databases in 2021, and over 165,000 of them were identified in the second half of the year.
The Singapore-based firm’s researchers continually scan the IPv4 ecosystem to detect external-facing assets hosting vulnerable or exposed databases, phishing panels, malware, and JS-sniffers. The researchers found 399,200 exposed databases between Q1’21 and Q1’22 and 308,000 in 2021, marking a 16% increase from the second half of 2021.
The severity of misconfigured and exposed databases can be quantified by the fact that earlier this year, Anonymous and its affiliate group of hackers compromised around 90% of Russian cloud databases that were exposed to the public without any security authentication or password.
Possible Dangers?
Group-IB claims the probability of such databases being exploited in cyberattacks and costly data breaches is terrifying. The dangers of an exposed database may include a data breach, a follow-up attack on customers/employees whose data was exposed, etc.
In 2021, IBM identified that the average cost of each data breach was more than $4.2 million during the coronavirus pandemic, which was 10% higher than in 2020.
Moreover, the average time required to detect and address the breach also increased to 287 days, which was 170 days in 2020. This is among the main issues, claims Group-IB since timely discovery is essential to prevent threat actors from stealing sensitive data or advancing in the network further.
Redis Database Management Systems Most Vulnerable to Exposure
According to Group-IB’s blog post, most of these exposed databases used the Redis database management system, around 37.5% of them. The second most vulnerable was MongoDB with 31%, and the third most vulnerable DMS (database management system) was Elastic, with 29% of the exposed databases using it.
According to Group-IB’s report, the largest number of exposed databases that they identified, around 93,600, was located on servers based in the USA, followed by China, which had 54,700 exposed databases, German servers hosted 11,100 and France hosted 9723 of the exposed databases. Around 111 databases were exposed to the web in the UAE and 372 in KSA between Q1’21 and Q2’22.
A public facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface.
Tim Bobak
Attack Surface Management Product Lead at Group-IBB
Topics Related to Exposed Devices
- FOX News Exposed 13 Million Sensitive Records Online
- Security giant exposed 3TB of sensitive airport & employees data
- Kids luxury clothing store Melijoe exposed 200GB of customers’ data
- 28,000 exposed printers hacked to highlight the lack of printer security
- 350 million email addresses exposed on a misconfigured AWS S3 bucket