Many companies accidentally leave their databases exposed on the web, and data breaches or security incidents occur daily. Unsecured and misconfigured servers often lead to data leaks that can become logistical and legal nightmares for companies, leaving the privacy and security of customers or company assets at risk.
But how long does it take for cyber criminals to spot and target unsecure databases? According to a recent study by Comparitech’s research team, bad actors locate and target exposed databases within 8 hours of them becoming public on the Internet.
During their test, Comparitech set up a honeypot on an Elasticsearch server, storing fake and unsecure user data. The database, which remained publicly exposed between May 11 and May 22, was targeted just 8 hours and 35 minutes after its deployment on the web. By May 16, just one minute after the Shodan IoT search engine indexed the database, two attacks were noticed.
The research team observed as many as 175 attacks targeting the bogus database.
“The largest number of attacks in a single day occurred on the same day the database was indexed: 22 attacks in total,” researchers said. “It’s worth noting that over three dozen attacks occurred before the database was even indexed by search engines, demonstrating how many attackers rely on their own proactive scanning tools rather than waiting on passive IoT search engines like Shodan to crawl vulnerable databases.”
A malicious bot also spotted the honeypot. On May 29, a ransomware bot deleted the contents of the database, leaving a ransom note behind.
“If you want recover your data send 0.06 BTC to [redacted] and you must send email to [redacted] with your IP,” read the blackmail note. “If you need a proof about your data just send email. If you don’t do a payment all your data may be used for our purposes and/or will be leaked/sold.”
While the majority of attack methods aimed to gather information regarding the status and settings of the database, some bad actors were interested in hijacking the server to mine cryptocurrency, steal passwords and destroy the data.
The bulk of requests deployed to gather intelligence on the database include various attack methods:
Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.