Another data breach: MongoDB 26 000 servers infiltrated

by Julie Splinters - - 2017-09-05

MongoDB faces another huge data breach

MongoDB servers get compromised again

MongoDB, which functions as a free set of databases for storing documents, suffers again from a massive attack caused by ransomware developers. More than 26 000 servers^[1] are said to have been hijacked in the campaign lasting since the weekend.

IT researchers have identified that three major gangs of felons (one of them seizing 22,449 servers) have managed to compromise the integrity of MongoDB databases since the weekend. Now IT experts and users are concerned only with one issue – how to prevent another such attack?

Continuation of the previous attacks?

Unfortunately, these attacks might foreshadow the sequel of the major attack on the databases which took place at the end of last year^[2] when multiple thousands of MongoDB servers have been compromised.

However, a short break since the last attack turned out to be just calm before a storm. Now, there are fewer perperators, but there are able to inflict greater damage in the overall. Three groups have been identified disguising under these email addresses: cru3lty@safe-mail.net, wolsec@secmail.pro, and mongodb@tfwno.gf. The former succeeded in hijacking 22.449 servers.

At the moment, the assault is still under investigation. Further analysis should present insights how the villains managed to conduct the attack.

The season of data breach is coming

Observing the tendencies of last year of major data breach incidents, this year does not present any reassuring forecasts. Recently, Taringa, the social network popular in Latin America, was reported to have been hacked.

Experts assume that more than 28 million records including personal users' email addresses and passwords have fallen into the hands of cyber criminals.^[3] One of the key factors which let the racketeers seize hold of the data was the MD5 algorithm, notoriously known for its vulnerability.

Another major data incident occurred in Swedish when the government admitted that almost all of its citizens’ data had been exposed after the security vulnerability was exposed in the national driving license database.^[4] Though it might be difficult to perceive how it was overlooked leading to a massive data breach incident, these cases reveal that, globally, cyber security is still not taken seriously.

Besides rampaging ransomware, such as Lukitus, such reckless mistakes cost millions of dollars. Raising awareness on malware prevention should be one of the key priorities in the companies and national institutions. They should employ the sufficient number of cyber security experts to be able to secure most important entity on the data – personal data.

About the author

Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References

^ Catalin Cimpanu. Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims. BleepingComputer. News, Reviews and Tech Support.
^ Swati Khandelwal. Someone Hijacking Unsecured MongoDB Databases for Ransom. The Hacker News. Security in a serious way.
^ Jason Murdock. Taringa hacked: More than 28 million user records stolen from popular social website. International Business Times.
^ Nick Ismail. Swedish Government’s major data leak: lessons for the enterprise. Information Age. For IT leaders from the UK's fastest growing enterprise.