MongoDB Ransomware Attacks

Following the news about the gigabytes of medical, payroll and other data held in MongoDB databases have been deleted in a cyber attack, with the attacker seeking a ransom to restore the information. IT security experts from Cryptzone and Varonis commented below.

Jason Garbis, Vice President of Products at Cryptzone:

“Attacks – such as those against MongoDB databases, are exceptionally damaging but frustratingly they’re also preventable.

“Exposing any system to the ‘Internet Cesspit’ is fundamentally a bad idea. All systems have weaknesses – whether it’s a vulnerability, poor configuration or inadequate controls. It’s far too easy for an attacker to use Shodan [a search engine that lets users find specific types of computers such as web cams, routers, etc.] to discover and then violate them.

“Rather than putting all of their systems in the shop window, particularly one that doesn’t even have any glass to protect it, companies must wake up to the realization that a new approach to network security is required. Taking an identity-centric approach, so one that only permits authorized users to access resources, would effectively brick up the window to anyone that doesn’t know its there, locking the attackers out and rendering their malware impotent.”

 Rob Sobers, Director at Varonis:

“Organisations that run web-facing systems are in for a world of hurt if they aren’t maniacal about patch management. Ransomware allows attackers to indiscriminately scan for vulnerable systems and encrypt data en masse, yielding a small fortune in bitcoins.

“MongoDB is not unique—OpenSSL, Apache, MySQL, Linux, etc. have all had their fair share of security. We’ve seen hackers exploit WordPress vulnerabilities that were patched more than 10 years ago!

“The problem of overexposed data goes behind the public Internet, too.  We see the same exact problem behind the corporate firewall—it’s not uncommon to find hundreds of thousands of sensitive folders with highly sensitive data exposed to every user on the network within the first few minutes of a risk assessment.

“There are a few fixable security failures here, namely poor configuration and patch management and not knowing where sensitive data resides.

“Organizations should have a documented patch management process, should scan for vulnerabilities and configuration mishaps, and discover and classify sensitive data and systems so they can properly lock them down.

“We cover many best practices around security web applications in our free video series Web Security Fundamentals, taught by security expert Troy Hunt.”