
MongoDB and Ransomware

[Category: Databases (General) | Publisher: 店小二03 | Date: 2017 | Author: 红领巾]

Recent reports in the news of MongoDB databases being hacked are not new, but the ransoms demanded for the return of data are a new twist on an old problem: insecure MongoDB databases. Compose MongoDB users haven't had to worry about the problem, but it is worth looking at what is going on and why it isn't a worry for them.

We've talked about unsecured MongoDB in the past, but these recent attacks show the problem has not gone away even though MongoDB changed the "out-of-the-box" defaults on the database.

So what was the problem and how is it back? Simply put, people often create their own MongoDB instances in the cloud or on web-facing servers and don't put any access controls on them. Back in 2015, the out-of-the-box default for MongoDB let anyone access it over the network with no passwords until a user was created for the system. Although initially convenient, it was too easy for people to forget to lock down the database. That insecurity was mitigated in MongoDB by ensuring that only connections from the machine the MongoDB instance was running on were accepted by default. But old versions and bad habits persist. What were 40,000 exposed databases on the internet has fallen to around 25,000 databases, but that's still 25,000 opportunities for bad actors.

The problem for those bad actors wanting to exploit this issue was that the data on those attackable databases was usually only valuable to its owners. That's led to this new "ransom" strategy where the data is deleted and replaced with a single record containing a demand for payment to get the data back. Some people have apparently paid too. Unfortunately for them, researchers have found there's no record in the logs of any backup being taken. There are also multiple attackers who may be overwriting each other's ransom notes that are left in the database.

The chances are, unless the owners of the databases made backups, that the data is lost and paying the bitcoin ransom will do nothing but mark the victim as someone prepared to pay a ransom. With at least 500 victims, this current spate of fake data-kidnappings still has a way to go.

Interestingly, the reports of vulnerable databases also include versions that appeared since the defaults were fixed on MongoDB. This does suggest that some users are using new database versions but relying on old tutorials offering bad practices for configuring their new MongoDB systems. Worse still, they could be knowingly dropping security measures to simplify making a database available.
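The misconfiguration described above can be checked for in a deployment's own config file. The following Python audit is an added example, not code from the article, Compose or MongoDB; the function names, risk labels and sample configs are constructed for illustration, and it assumes the `net.bindIp`, `net.bindIpAll` and `security.authorization` YAML settings and the legacy `bind_ip` and `auth` keys.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_mongod_conf(text):
    """Flatten a mongod config to {'net.bindIp': '0.0.0.0', ...}. Handles the
    nested-mapping subset of the YAML format and the legacy key = value format
    found in old tutorials; it is not a general YAML parser."""
    settings, stack = {}, []  # stack: (indent, key) of the open YAML sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        legacy = re.match(r"^\s*(\w+)\s*=\s*(.*)$", line)
        if legacy:  # e.g. bind_ip = 0.0.0.0
            settings[legacy.group(1)] = legacy.group(2).strip()
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            path = ".".join([k for _, k in stack] + [key.strip()])
            settings[path] = value.strip().strip("'\"")
        else:
            stack.append((indent, key.strip()))
    return settings

def audit(text, default_bind="127.0.0.1"):
    """Classify a config as 'critical', 'warn' or 'ok'. default_bind assumes a
    build that listens on localhost only when no bind address is configured."""
    s = parse_mongod_conf(text)
    bind = s.get("net.bindIp", s.get("bind_ip", default_bind))
    exposed = s.get("net.bindIpAll", "false").lower() == "true" or any(
        a.strip() not in LOOPBACK and not a.strip().startswith("/")
        for a in bind.split(","))
    auth = (s.get("security.authorization", "").lower() == "enabled"
            or s.get("auth", "").lower() == "true")
    if exposed and not auth:
        return "critical"  # reachable over the network with no credentials
    return "ok" if auth else "warn"  # warn: local-only, but no access control

# Constructed sample configs, not taken from the article.
OLD_TUTORIAL = "bind_ip = 0.0.0.0\nport = 27017\n"
OPEN_YAML = "net:\n  port: 27017\n  bindIp: 0.0.0.0  # listen everywhere\n"
LOCAL_ONLY = "net:\n  bindIp: 127.0.0.1\n"
HARDENED = "net:\n  bindIp: 127.0.0.1,10.0.0.5\nsecurity:\n  authorization: enabled\n"

if __name__ == "__main__":
    for name in ("OLD_TUTORIAL", "OPEN_YAML", "LOCAL_ONLY", "HARDENED"):
        print(f"{name}: {audit(globals()[name])}")
```

For an older build that listens on every interface when no bind address is set, pass `default_bind="0.0.0.0"` so a config that omits the setting is still flagged.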

Compose MongoDB users have not had to worry about this problem: when we deploy one of our production-ready MongoDB database deployments for you, it's automatically secured with a locked down administration user. If you administer a Compose MongoDB deployment you have to create users through the Compose console to enable database access. This does mean a little more to do when setting up your database deployment at Compose, but it also means people can't walk in and delete your data. That's a trade-off that is simply best practice.

Then there's the fully automated backup system, which takes regular backups and preserves them for three months, so even if an authorized user does delete data, there's a backup you can go back to. Better still, you can even restore your backups into a completely new database (it's the default, actually) so you can verify them or use them for staging tests. The current Compose MongoDB platform also turns SSL/TLS on by default so you can have encrypted connections to the database for in-flight credentials and data security.

The current spate of MongoDB attacks is unfortunate, but also avoidable. Whenever you put a database on the web, make sure you secure it or create it with someone who can keep it secure for you.

If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at [email protected]. We're happy to hear from you.
