
Attacker Holds MongoDB Databases for Ransom

[Category: Databases (General) | Posted by 店小二04 | Year 2017 | Author 红领巾]

A cyber-attacker going by the name Harak1r1 has been using ransomware to hijack unprotected MongoDB databases, locking down and replacing content before asking for Bitcoin to return the data, a security researcher has revealed.

Victor Gevers, co-founder of the GDI Foundation (a non-profit dedicated to making the internet safer), has spent the last 18 years carrying out security research and has made more than 5200 responsible disclosures in that time, including searching for unprotected MongoDB servers and warning companies of their risky status.

On 27 December Gevers stumbled across a MongoDB database that was open to external connections without an admin account password, which is often the case. However, when he accessed the open server, Gevers discovered that this ransomware attack was a little different from most.

Speaking to Infosecurity, he explained that the attacker created a local copy of the data, deleted the original database, and then created a database and a collection within it, both named WARNING.

“I have seen indications of silent theft but never that a database was deleted,” he added. “Replaced with a new one called WARNING, with only one collection (table) with one record, all named warning with one single message that leads to one bitcoin address. Stealing data is very common and has been going on for years, but monetizing open databases [in this way] for ransom is a new development.”

Gevers argued that this is just the latest example of the security risks that surround unprotected, open databases, describing them as “disasters that are waiting to happen”, with many instances of large data leaks involving unprotected MongoDB databases.

“Our advice would be to protect this server with a firewall blocking port 27017 and limit the access of the service with bind_ip to only accept local connections as an option in the configuration. Or you can choose to restart the database server with the -auth option after you create users who can access the database.”

Also, Gevers urged users to check MongoDB accounts to see if somebody added a secret (admin) user, check GridFS to see if someone stored any files there, and check the log files to see who accessed the MongoDB instance.
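
The two pieces of advice above (lock down bind_ip and authentication; check the logs for who connected) can be checked offline. The script below is an added example, not code from the article or from Gevers or the GDI Foundation: it flattens a mongod configuration in either the YAML format (`net.bindIp`, `security.authorization`) or the older ini-style format (`bind_ip`, `auth`) the quote refers to, flags the exposure described in the article, and pulls non-loopback client connections out of a log excerpt. The configuration samples and the log lines are constructed for the example; the log line shape follows the 3.x `connection accepted from host:port #N` format.

```python
"""Offline audit of a mongod configuration and log excerpt for the exposure
described in the article: a database reachable from outside with no
authentication. Added example; all config text and log lines are constructed
samples, not material from the article or from any real server."""
import ipaddress
import re

# Constructed sample: the weak configuration the article warns about (YAML format).
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed sample: the same server hardened along the lines Gevers suggests.
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

# Constructed sample in the older ini-style format (bind_ip / auth, as in the quote).
LEGACY_CONF = """\
bind_ip = 127.0.0.1
auth = true
port = 27017
"""

# Constructed sample log excerpt in the MongoDB 3.x text log format.
LOG_LINES = """\
2017-01-03T09:12:41.512+0000 I NETWORK  [initandlisten] connection accepted from 127.0.0.1:40312 #1 (1 connection now open)
2017-01-03T09:13:05.004+0000 I NETWORK  [initandlisten] connection accepted from 203.0.113.45:51711 #2 (2 connections now open)
2017-01-03T09:13:07.220+0000 I COMMAND  [conn2] dropDatabase customers starting
2017-01-03T09:13:09.871+0000 I NETWORK  [initandlisten] connection accepted from 198.51.100.9:60002 #3 (3 connections now open)
""".splitlines()

CONN_RE = re.compile(r'connection accepted from (\S+):\d+ #(\d+)')


def parse_conf(text):
    """Flatten either config format into dotted keys, e.g. {'net.bindIp': '0.0.0.0'}."""
    settings = {}
    stack = []  # (indent, key) path of the enclosing YAML sections
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        eq, colon = line.find('='), line.find(':')
        if eq != -1 and (colon == -1 or eq < colon):   # ini-style "key = value"
            key, value = (p.strip() for p in line.split('=', 1))
            settings[key] = value
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(':')
        while stack and stack[-1][0] >= indent:       # leave deeper/equal sections
            stack.pop()
        path = '.'.join([k for _, k in stack] + [key])
        if value.strip():
            settings[path] = value.strip()
        else:
            stack.append((indent, key))               # a section header, descend
    return settings


def audit_conf(settings):
    """Return the findings for the two controls the article recommends."""
    findings = []
    bind = settings.get('net.bindIp', settings.get('bind_ip'))
    if bind is None:
        # Before MongoDB 3.6 the daemon listened on all interfaces unless told otherwise.
        findings.append('no bind address configured: listens on all interfaces on releases before 3.6')
    else:
        addrs = [a.strip() for a in bind.split(',')]
        if any(a in ('0.0.0.0', '::') for a in addrs) or settings.get('net.bindIpAll') == 'true':
            findings.append(f'bound to all interfaces ({bind})')
    auth = settings.get('security.authorization', settings.get('auth'))
    if auth not in ('enabled', 'true'):
        findings.append('authentication not enabled (security.authorization / auth)')
    return findings


def remote_connections(lines):
    """Return (connection id, source IP) for every accepted connection not from loopback."""
    remote = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        ip, conn_id = m.group(1).strip('[]'), int(m.group(2))
        if not ipaddress.ip_address(ip).is_loopback:
            remote.append((conn_id, ip))
    return remote


if __name__ == '__main__':
    for name, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF), ('legacy', LEGACY_CONF)):
        print(f'{name:9s}', audit_conf(parse_conf(conf)) or ['no findings'])
    print('remote connections:', remote_connections(LOG_LINES))
```

The connection ids returned by `remote_connections` match the `[connN]` tags on later log lines, so a suspicious remote connection can be followed through to the commands it ran, such as the `dropDatabase` line from conn2 in the constructed excerpt.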

Topic: MongoDB
Source link: http://www.codesec.net/view/520403.html