
MongoDB Attacks Jump From Hundreds to 28,000 In Just Days

[Category: Databases (General) | Posted by: 店小二05 | Date: 2017 | Author: 红领巾]


Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB databases were attacked by more than a dozen hacker groups. That’s a sharp increase from last week, when 2,000 MongoDB databases had been hijacked by two or three criminals.

A wave of attacks was first spotted on Dec. 27 by Victor Gevers, an ethical hacker and founder of GDI Foundation. That’s when he said a hacker going by the handle “Harak1r1” was compromising open MongoDB installations, deleting their contents, and leaving behind a ransom note demanding 0.2 BTC (about $220).

Victims would discover they were hit with the data theft only when they accessed the MongoDB and came across a top database field with the ransom demand that read, “Contact this email with your IP of your server to recover your database.”

Escalation of the attacks happened fast, jumping from 200 14 days ago to 2,000 the following week. On Friday the numbers were at 10,000, and by Monday Merrigan reported via his Twitter account a huge spike in attacks, with 27,000 servers compromised, representing 93 terabytes of data gone.

WHOA… Latest #mongodb download from @shodanhq massive jump in ransomed databases 93TB gone (snapshots taken at 1530 and 2130 CET) pic.twitter.com/MakOlrbptt

― Niall Merrigan (@nmerrigan) January 8, 2017

Merrigan and Gevers have been tracking both the number of attacks and the number of groups behind them via a spreadsheet with the latest updates. As of this writing, close to 28,332 victims have been reported.

Since identifying “Harak1r1” as the original attacker, they say more than a dozen additional hackers are now actively targeting MongoDB installations as well. Researchers said that in many cases, data stored in the MongoDB is now simply being destroyed, and when victims pay the ransom they do not receive their data back.



Last week, Gevers told Threatpost attackers were battling among themselves. He said that when one hacker left a ransom note, another hacker would target the same database, delete the original ransom note and leave their own. This further complicates a victim’s ability to retrieve data even if a ransom is paid, he said.

The problem stems from companies that have used the default installation configuration for MongoDB, which does not require authentication to access the database. Researchers say hackers using a Shodan query or scanning the Internet for vulnerable installations can easily find MongoDB servers online.

Gevers said a recent scan using Shodan revealed 46,000 open MongoDB installations ripe for attack. He added that an uptick in victims is due to the fact that attackers have automated attacks via scripts. He added that because the MongoDB configurations require no credentials, the script used in the attacks is simple to write and execute.

Representatives at MongoDB did not return calls for comment. However, last week when initial reports of MongoDB databases being compromised began to surface, the company published instructions on how admins can secure their databases and respond to attacks.
