Attackers Ransom MongoDB Databases – Expert Commentary

By ISBuzz Team
Writer, Information Security Buzz | Jul 03, 2020 01:45 am PST

An attacker has uploaded ransom notes to 22,900 MongoDB databases that were left exposed online without a password. The attacker uses an automated script to scan for misconfigured MongoDB databases, wipes their contents, and leaves a ransom note behind that demands payment and threatens both to publish the leaked data and to report the victim to its local General Data Protection Regulation (GDPR) enforcement authority.
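As an added example (not code from the article, from any of the commenters, or from MongoDB itself), the script below audits a mongod.conf for the two settings that produce exactly this exposure: a server listening on every network interface while running with authorization disabled. The option names net.bindIp, net.bindIpAll and security.authorization are real mongod.conf keys; the two sample configurations are constructed for illustration, and the small YAML reader is an assumption that handles only the flat two-level layout mongod.conf uses.

```python
"""Audit a mongod.conf for the two settings that turn a MongoDB instance into
the kind of target described in the article: reachable from any network
interface and running without authorization.

Added example, not code from the article or from MongoDB. It assumes the
standard YAML layout of mongod.conf; the sample configs are constructed."""

# Constructed sample: listens on every interface and has no security section,
# so MongoDB's default of authorization "disabled" applies.
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # every interface
"""

# Constructed sample: loopback only, role-based access control switched on.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_minimal_yaml(text):
    """Parse the 'section:' / '  key: value' subset that mongod.conf uses.

    Assumption: two levels only, scalar values, '#' comments. A real YAML
    parser (PyYAML) would replace this in production; it is hand-rolled here
    so the example runs with the standard library alone."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        if indent == 0:
            section = key
            conf.setdefault(section, {})
        elif section is not None:
            conf[section][key.strip()] = value.strip()
    return conf


def audit_mongod_conf(text):
    """Return a list of (setting, problem) findings; an empty list means
    neither exposure condition is present."""
    conf = parse_minimal_yaml(text)
    net = conf.get("net", {})
    security = conf.get("security", {})
    findings = []

    # Since MongoDB 3.6 the default bindIp is localhost; earlier releases
    # listened on all interfaces unless told otherwise, one reason so many
    # instances ended up reachable from the internet.
    bind_ips = [ip.strip() for ip in net.get("bindIp", "127.0.0.1").split(",")]
    listens_everywhere = (net.get("bindIpAll", "false").lower() == "true"
                          or any(ip in ("0.0.0.0", "::") for ip in bind_ips))
    if listens_everywhere:
        findings.append(("net.bindIp",
                         "listens on all interfaces; bind to 127.0.0.1 or an "
                         "internal address and firewall port 27017"))

    # authorization defaults to disabled: without it any client that reaches
    # the port can read, drop and rewrite every database, which is exactly
    # the wipe-and-ransom pattern the article describes.
    if security.get("authorization", "disabled").lower() != "enabled":
        findings.append(("security.authorization",
                         "access control disabled; set 'authorization: "
                         "enabled' and create an admin user before the port "
                         "is reachable"))

    if len(findings) == 2:
        findings.append(("combined",
                         "reachable from any network AND unauthenticated: "
                         "anyone who finds the port can wipe the data"))
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or "no findings")
```

Run against a real config with `audit_mongod_conf(open("/etc/mongod.conf").read())`; the check is deliberately conservative and flags the absence of a `security` section, since the unsafe value is the default rather than something an operator had to write.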

James MacQuiggan, Security Awareness Advocate
July 3, 2020 10:14 am

Databases are an excellent resource to efficiently store data. They make it easy to query or search for a variety of purposes needed by an organisation responsible for data. With the information stored such as names, addresses, phone numbers, and other sensitive data, certain technology features need to be implemented like access controls, encryption, and updates to secure the data from attack and exploitation.

Organisations should have a robust security program to update critical and necessary systems, restrict access to only those essential users or systems for access, and provide encryption to protect the data.

Failing to change default security settings, like replacing passwords for the default administrative accounts, puts an organisation at a higher risk of exploitation. These actions are similar to leaving your front door open to your home when you go away on vacation, making it easier for the criminals to steal your home’s valuables.

Jay Ryerse, VP of Cybersecurity Initiatives
July 3, 2020 10:09 am

In today’s world, we are challenged by many things including a global pandemic, uncertainty, and of course, cybercrime. Two of these are likely out of our control, but practicing good cybersecurity is within our ability as business owners and service providers.

Areas we can focus on within our business include performing a regular risk assessment for technology, because what we don’t know can hurt us. In a risk assessment, which often includes a vulnerability scan, we can quickly focus our attention on matters of concern and reduce the likelihood of an attack or your ability to recover afterward. During this process, a third-party risk assessor would identify devices with default passwords still in use and make strong recommendations to update the passwords and implement best practices for securing data.

In addition to assessing risk, we must consider the benefit of education for our users and our technical staff. Education for your staff reduces the chance of falling victim to a phishing attack, which leads to opening up your network to cybercrime. Additional education and certification for your technical staff helps keep them informed on the latest threats, security best practices, and the technology that exists today to defend and protect against cyber attacks.

In the case of the MongoDB compromise, technical staff need to always change or alter the default credentials of newly installed tools and systems.

Raif Mehmet, Sales Director
July 3, 2020 9:51 am

Misconfigurations like this will continue to be a rampant issue as businesses continually fail to obtain visibility and control into all of their cloud footprint. Time and again, cloud misconfiguration issues allow servers to expose sensitive data that is not protected or encrypted, enabling unauthorised access and a host of other headaches for the enterprise and its data subjects.

To thwart ransomware attacks and mitigate their impact, all organisations need advanced threat protection, particularly during this era when more employees are working from home than ever before. Organisations should leverage security solutions that can identify and remediate both known and zero-day threats on any cloud application or service, and protect managed and unmanaged devices that access corporate resources and data. This includes solutions that can automatically block malware in the cloud, whether at rest or in transit. Additionally, organisations must ensure adequate employee security training to identify phishing attempts and illegitimate emails, as phishing is the primary vector for ransomware attacks.
