IT Security Guru

Unsecured Internet-facing database attracts hackers in a matter of hours

Comparitech honeypot research finds unsecured database attacked in under 9 hours of being exposed

by Beth Smith
June 10, 2020
in Editor's News, Featured, Guru's Picks, News, Research, Threat Detection

You only have to read the news on this very website to find countless stories of companies inadvertently leaving a database exposed on the web – it’s every security professional’s worst nightmare.

Researchers at Comparitech, who are often the ones to find these misconfigured databases and alert the unsuspecting company, decided to set up a honeypot experiment to see just how little time it would take before such a database could be found.

Head cybersecurity researcher Bob Diachenko created a simulation of a database on an Elasticsearch instance, complete with fake user data, and left it publicly exposed to record the results over 11 days.

Just over 8 hours after exposure, the database received its first unauthorised access attempt (which Diachenko refers to as an “attack”). Over the days it was left exposed, it was attacked on average 18 times a day, 175 times in total.

The research should serve as a stark reminder to companies of the importance of securing databases like Elasticsearch and shows just how opportunistic hackers are. Commenting, Warren Poschman, senior solutions architect at comforte AG, said:

“IT departments leaving unprotected databases on the internet, data in misconfigured S3 buckets, or not patching critical systems that are internet facing is an unfortunate and increasingly regular occurrence as more organisations cloudify their legacy operations or move toward new cloud-native infrastructures.

“With hundreds of controls and a multitude of regulations emerging to protect privacy, proper and robust implementation can be a daunting task – let alone the basic security requirements that are required for basic survival,” he continued.

David Kennefick, product architect at Edgescan, said that his team finds these instances a lot more than people might think, as Edgescan monitors for exposed databases as part of its continuous profiling service; however, the cloud has improved matters. He said: “There has been a substantial improvement during the great cloud migration. Using a service such as AWS or Azure, which automatically locks down your machines and services, is a great way to reduce the likelihood of leaving something exposed. These providers, in fact, have this control enabled by default, meaning that users have to go out of their way to leave anything exposed on the internet.

“The issues with exposed databases are introduced when teams are managing technologies that don’t have this control enabled by default – there is an assumption of security, and this leads organisations down the path of accidental exposure,” Kennefick explained.

Of course, if the good guys are searching, so are the bad guys. Boris Cipot, senior security engineer at Synopsys, explained that hackers have created their own search engines to hunt out exposed databases or devices.

“Finding exposed databases or devices on the internet today is quite easy, as further proven by Comparitech’s honeypot research. There are specially designed search engines that look for exposed devices on the internet, and even malware like Kaiji (as one example) automatically looks for exposed operating systems with root access,” Cipot said.

“For this reason, a timestamp of less than 9 hours before the first “attack” started is nothing surprising. It however shows that there is not much time for companies to find a mistake and repair it before there is potential for a bad actor to identify and manipulate it. Every mistake in provisioning your resources can lead to big problems. We see often that insecure steps are made when deploying instances in the cloud environment. Insecure security settings lead to exploitable systems and devices.”

Comforte’s Poschman noted that the findings are key indicators that going beyond the perimeter, access controls, and other traditional controls is absolutely necessary.

“Data security is that one catch-all that must not be left out. By implementing data-centric security, organisations can eliminate risk by ensuring that data is protected regardless of where it resides or who is using it – not a nice to have but a necessity given today’s attack vectors and expanding cloud usage,” he said.

Synopsys’ Cipot recommended that companies think about provisioning resources much like a pilot’s checklist before take-off, which will lead to two important things: “first, the creation of security policies and procedures and secondly, a checklist that does not allow room for mistakes.”

The full details, including what attack methods were used and what attackers attempted to do with the data, can be found in this blog:

https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
