MongoDB Ransom Attack – Just The Beginning

After multiple attackers hijacking MongoDB databases for ransom, Cryptzone, a provider of dynamic, context-aware network, application and content security solutions, suggests the attack will give start to much broader database attacks in 2017. Jason Garbis, Vice President of Products at Cryptzone commented below. 

Jason Garbis, Vice President of Products at Cryptzone:

“The MongoDB ransom attack is just a precursor to the much broader database attacks we’re going to see in 2017. Now that attackers understand how easy this is, any unsecured database is going to be attacked and compromised – for some malicious combination of disruption, ransom, and disclosure.

“We’ve already seen this begin to spread – just in the past 10 days, the attack has expand beyond MongoDB, and there are now confirmed reports of ransom attacks on other noSQL-type databases including ElasticSearch, Hadoop, and now CouchDB.

“These attacks should not be happening – the victims’ databases are exposed to the entire internet, without any user authentication required. Basic security principles require that these systems should default to require user authentication, and developers should confirm this before deploying these systems.

“Unfortunately, as we see here, it’s far too easy for organizations to unwittingly expose their assets to attack. It’s time to take a more intelligent approach to network security, which ensures that all users are validated before they obtain any access. This kind of security architecture – which is simple to deploy – can easily protect databases and other assets from unauthorized user access – even if they don’t have authentication enabled.

“Database, development, and security teams have got to prioritize solving this problem – and it is a problem for most organizations. If you don’t want to have a business disruption on your hands, you’ve got to protect your servers now.”