Cyber Attackers Wiped Out Improperly Secured MongoDB Databases
Cyber criminals continue to advance their techniques. This time they have targeted 12,000 MongoDB databases that are considered unsecured. The cyber crooks delete the targeted database completely and then ask victims to contact them for further action. The attack is very similar to a ransomware attack, which first encrypts files and then asks users to purchase a decryption key to restore them. The amount of money demanded by the cyber extortionists is not known, but according to cyber experts the crooks may demand payment in cryptocurrency, and the amount of the ransom depends on the sensitivity of the data stored in the database.
This is not the first time cyber criminals have attacked MongoDB databases; according to reports, around 28,000 users of this database fell victim to the cyber crooks. The attack on MongoDB databases was first spotted on 24th April, 2019 by a security researcher known as Sanyam Jain. According to the researcher, as in a ransomware attack, a note is dropped that contains details about the attack and the steps victims can take to restore the database.
Note Dropped After Deleting MongoDB Databases
To press their demand, the cyber criminals drop a note after deleting the MongoDB databases. The note is named “Restore ? Contact : [email protected]”. Its main purpose is to demand ransom money from users in exchange for restoring their files. The ransom amount is not specified in the note, but as mentioned above, the crooks may demand a large ransom in the form of cryptocurrency. The ransom note also asks victims to contact the [email protected] or [email protected] email address for further information about data restoration.
So, what makes these attacks possible? The attacks are possible because the MongoDB databases are remotely open and access to them is not properly verified. The method used by the cyber criminals to delete the databases is still not known, but according to cyber security experts the process may be totally automated.
How Can You Secure MongoDB Databases?
As already mentioned, MongoDB databases are targeted by cyber extortionists because they are not secured properly. The best way to prevent such attacks is to follow the prevention tips suggested by cyber security experts. Below are some preventive measures you can use to tighten the security of MongoDB databases:
- Enable authentication: You should enable authentication on MongoDB databases even if they are deployed on trusted networks. It works as a defense in case your network gets compromised.
- Don’t expose to the Internet: You should restrict physical access to the database, because this is a necessary aspect of security. If you prevent attackers from physically accessing the database, it is more secure.
- Always use firewalls: You should use a firewall to restrict which entities are allowed to connect to the server hosting the MongoDB databases.
If you strictly follow the security tips above, you can protect your MongoDB databases from such attacks.
Andrew Kirsten has several years of expertise in cyber security. He likes writing about cyber threats and helping users keep their systems protected. Andrew also has a passion for finding new ways to enhance cyber security in order to counter the latest techniques used in cyber attacks.