Over 1,400 MongoDB Databases Ransacked by Threat Actor
Briefly

"Unprotected MongoDB instances remain an easy target for financially motivated hackers, with over 1,400 servers currently showing signs of compromise, threat management firm Flare reports. Ransacking MongoDB databases was a trend roughly a decade ago, with over 33,000 instances hijacked in a massive campaign detailed in early 2017. Because database owners failed to properly protect internet-accessible MongoDB instances, hackers accessed them, wiped their content, and dropped ransom notes demanding payment in exchange for the erased content."
"Alarmingly, 3,100 databases are exposed to the internet without proper restrictions, allowing anyone to access them. Of these, 1,416 instances (45.6%) have been compromised, with their contents replaced with ransom notes typically demanding a $500 ransom payment in Bitcoin, Flare says. In 98% of these cases, the ransom notes mention the same bitcoin address, strongly suggesting that the MongoDB ransacking was performed by the same threat actor."
Over 200,000 MongoDB servers are publicly discoverable, with more than 100,000 disclosing operational information. A total of 3,100 databases are exposed to the internet without proper restrictions, allowing anyone to access them. Of those exposed, 1,416 (45.6%) show signs of compromise: their contents have been replaced with ransom notes, typically demanding a $500 payment in Bitcoin. Ninety-eight percent of the ransom notes reference the same Bitcoin address. The remaining 1,684 exposed servers show no infection; some owners may have paid ransoms. The identified servers include over 95,000 instances with at least one vulnerability, many enabling denial-of-service conditions.
Read at SecurityWeek