Open databases: is your security tight enough to prevent leaks?

David Sygula at CybelAngel explains the importance of tightening security around open databases in order to prevent data leaks

Research has revealed that over 36 billion records were exposed globally throughout 2020. A big contributor to this was open databases, which are reportedly responsible for 86 percent of all publicly accessible sensitive records.

Billions of these documents leak out of business perimeters through unsecured databases due largely to misconfigured servers. In fact, a massive 67 percent of all leaks originating within the organisation result from errors such as misconfiguration.

These open databases result in organisations, unknowingly, leaving back doors to their data wide open, which can be exploited to devastating effect by hackers. Criminals will ideally choose the path of least resistance, so any databases left completely open, with no requirements for logins or passwords, are an all too easy target.

Our research found that MongoDB databases are the type most often targeted by attackers, as they are often online and left unprotected. However, whatever database you use, you are likely to be leaking data, and so leaving yourself open to a breach.
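As an added illustration (not the article's or CybelAngel's own code), a small audit of the two mongod.conf settings that most often turn a MongoDB instance into one of these open databases: listening on every interface and running with authorization disabled. The two sample configurations are constructed for the example.

```python
# Constructed sample: the kind of mongod.conf that produces an open database.
WEAK_CONF = """\
net:
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed sample: the same config with the two weak settings corrected.
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongodb
"""


def parse_conf(text):
    """Parse the flat 'section:' / '  key: value' subset of mongod.conf (no PyYAML)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith(" "):            # unindented line: section header
            section = key
            conf.setdefault(section, {})
        elif section is not None:
            conf[section][key] = value.strip()
    return conf


def audit_mongod_conf(text):
    """Return findings for settings that leave mongod reachable without a login."""
    conf = parse_conf(text)
    net, security = conf.get("net", {}), conf.get("security", {})
    findings = []
    # mongod binds only localhost by default (since 3.6); 0.0.0.0 or :: undoes that
    addrs = [a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")]
    if any(a in ("0.0.0.0", "::") for a in addrs) or net.get("bindIpAll") == "true":
        findings.append("net.bindIp: mongod listens on every interface")
    # authorization defaults to disabled, so an absent key is as weak as 'disabled'
    if security.get("authorization", "disabled") != "enabled":
        findings.append("security.authorization: not enabled, no login required")
    return findings
```

An empty result means neither weak setting is present; run it against a real mongod.conf to spot the misconfigurations the article describes before a scanner does.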

The speed at which open databases are attacked is phenomenal. One experiment using an unsecured database revealed that it was attacked 175 times over 11 days. Attackers actively seek out these open databases, so it is imperative that organisations understand how this data is being accessed and what can be done to tighten their defences.

Causes of open databases

Whilst technology is one of the main causes of database exposure, we’ve found that the root cause is often human error. This could be down to a shortage in staff with specialist skills, high workloads among existing staff, or even lack of visibility over forgotten databases.

Maintaining databases requires complex and time-consuming patching, which could leave databases vulnerable during downtime. Open API access can also lead to major security risks, if wrongly configured by the accessing third party.

Additionally, backup storage media can cause data leaks if left unprotected, unmonitored and with unrestricted access. And when combined with unnecessary and excessive levels of privilege, it can leave businesses particularly vulnerable to leaks.

Research revealed that some 60 percent of businesses have experienced a major data breach caused by a third party, and open-source software is a primary source of attacks. According to Synopsys, 99 percent of commercial databases contain at least one open-source component, and nearly 75 percent of these code bases contain open-source security vulnerabilities.

Knowing that these are the primary causes of open databases, organisations should focus their efforts on countering these weaknesses.

Secondary effects

Threat actors can extract information from exposed databases through several techniques, including using stolen email addresses and logins, as well as other personally identifiable information (PII). Their motivation is often financial gain, either by demanding a ransom to regain access to locked data or by threatening to leak the data publicly if demands are not met.

In 2020, we’ve also seen a rise in ‘Meow’ attacks, in which hackers seek out unsecured databases and simply wipe them out without demanding a ransom or providing any form of notice or attribution. According to one report, these Meow attacks may be vigilante attempts to stop data disclosure from unsecured databases. However, they cause more damage as they prevent businesses from identifying weaknesses in their databases and solving the issues from their end, leaving databases open to further attacks.

The cost of breaches in which over 50 million records were compromised has jumped from $388 million in 2019 to $392 million in 2020. Breaches with 40 million to 50 million records exposed cost companies an average of $364 million, which is $19 million higher than in 2019.

Mitigating the risks 

At the basic level, businesses should keep patching up to date. However, without the specialist training in these areas of security, there is a higher risk of human error. Service and product providers should have strict DevSecOps quality control in place, as well as default settings that prevent vulnerabilities from being introduced.

Additionally, digital risk solutions can disrupt an attacker’s kill chain – the logical progression of actions needed to achieve their objective – enabling defenders to take pre-emptive action that hinders an attacker’s progress. These technologies work to prevent hackers gaining an initial foothold, by identifying what exposures a business has on their network, closing that access, expelling intruders, strengthening defences and minimising the risk of becoming a breach victim.

On top of this, comprehensive IP scanning can provide visibility of those exposures. In-depth, document-centric scanning of every layer of the web will detect leaks of sensitive or confidential data, whether from a cloud provider, vendor, contractor or a past or present supplier. It scans the entire IP spectrum, so it will cover any internet-connected device.

The main causes of exposed databases are known. Whether the cause is human error from misconfigurations, excess third-party privileges, open API abuse, or open-source software flaws, they could all lead to devastating consequences. With multiple factors leading to data exposure, a business must seek to proactively find and remediate leaks before they evolve into breaches.

David Sygula is Senior cyber-security analyst at CybelAngel

Copyright Lyonsdown Limited 2021
