Cloud configuration mistakes continue to pose a major security risk to organizations around the world. These unsecured cloud databases can leak sensitive user data and even allow unauthorized third parties to access or modify the data without any authorization.
Understanding the risk of unsecured databases
- In a new research conducted by Comparitech, it was found that attackers took less than nine hours to get their hands on unsecured databases.
- The research was conducted by setting up a simulation of a database on an Elasticsearch instance, that contained fake user data.
- Eventually, these unprotected databases were attacked 18 times per day by hackers.
- To find vulnerable databases, many attackers use an IoT search engine, like Shodan or BinaryEdge.
Quantifying the loss
Apart from malware attacks and hacks, unprotected databases are one of the primary reasons for the rise in the exposed user records. In its ‘2019 Data Breach Investigation Report’, Verizon Enterprise highlighted that 21% of data breach incidents that occurred in 2019 were due to misconfigured clouds. Some of the major data leaks that occurred in the last week include:
- Four misconfigured AWS S3 buckets and one unsecured Elasticsearch database belonging to five e-learning platforms leaked nearly one million records of online students. The five affected platforms were Okoo, Square Panda, Playground Sessions, MyTopDog, and Escola Digital.
- Another unsecured Amazon S3 bucket leaked nearly 1 million records of sensitive data belonging to students registered on CaptainU’s platform. The bucket contained GPA scores, ACT, SAT and PSAT scores, parents’ names, email addresses, home addresses, and phone numbers.
- The Family Tree Maker software exposed 25GB of its users’ data due to a misconfigured Elasticsearch server.
Attackers tapping profit from data leaks
Verizon’s latest data breach report also noted that threat actors are capitalizing on unsecured Elasticsearch instances and MongoDB databases exposed to the internet to make quick profits. They are dumping these databases and then selling data on cybercrime forums at favorable prices. Apparently, the trend continues to sell like a hot cake, so far.
- Over 270,000 accounts associated with Instacart customers were sold on two dark web forums.
- Researchers found more than 17,000 Slack credentials for roughly 12,000 Slack workspaces being sold online.
- CouchSurfing disclosed a breach after hackers sold the details of 17 million users on Telegram channels and hacking forums. The data was sold at a price of $700.
Mysterious Meow attack adds more trouble
To add more woes, a newly discovered Meow attack has wiped almost 4,000 unsecured Elasticsearch and MongoDB databases without leaving any explanation or even a ransom note. Looks like the operators behind the attack intend to give administrators a hard lesson in security by destroying the unsecured data.
‘Time is of the essence in these situations,” explains Bob Diachenko, a cybersecurity expert. It is important to secure databases, especially those that are accessible over the internet. Therefore, developers should exercise adding authentication or authorization key to databases.