Hundreds of MySQL databases have been hit in ransomware attacks, which were described as “an evolution of the MongoDB ransomware attacks,” according to security vendor GuardiCore. Travis Smith, Senior Security Research Engineer at Tripwire commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“The evolution of database targeted ransomware started with MongoDB and transitioned to Elasticsearch. These two products could be installed without any authentication mechanism. When deployed to the internet with default configurations, the databases were world writable. When installing MySQL, you’re prompted for a password which protects against ransomware attacks. What these attackers are doing is guessing the root password via brute force attacks. In practice, this is a very inefficient attack vector.
The adaption from MongoDB to MySQL can be expected. Databases hold some of the most sensitive information on the internet. Because of this, the value of the data can be exponentially greater than the data traditional ransomware targets.
MySQL can provide decent security out of the box, with enhanced protections available quite easily. By issuing the mysql_secure_installation command, users can follow a walk through on hardening their installations to protect against attacks like this. A good rule of thumb is protecting the root account with a long and complex password in addition to preventing login from the internet, preferably only allowing local authentications.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…