The number of databases exposed on the Internet continues to grow, with 308,000 databases identified in 2021.
Group-IB, one of the leaders in global cybersecurity, conducted a study of exposed digital assets discovered in 2021.
In this study, Group-IB’s Attack Surface Management team analyzed instances hosting Internet-facing databases.
The results showed that by late 2021, the number of public-facing databases had increased by 16% to 165,600, most of which are stored on servers in the United States.
In the first quarter of 2022, the volume of exposed databases peaked at 91,200 instances, researchers at threat intelligence and research firm Group-IB said in a report.
Databases often end up exposed to the Internet because of misconfiguration.
Hackers often use publicly accessible search engines to locate these databases and then steal their content or use it for extortion.
Group-IB used its Attack Surface Management solution to scan the open ports associated with database access and check whether any indexes or tables were available.
The company states that its solution is limited to verifying that the database is public and does not have the ability to collect and analyze the contents of the database.
Most of the exposed instances discovered by Group-IB are on servers in the US and China, with Germany, France and India also present in notable proportions.
Most of the exposed instances run Redis, with almost twice as many as MongoDB; Elastic has only tens of thousands, and MySQL has the lowest number of instances detected by Group-IB.
These management systems have taken steps to alert the administrator if an instance is configured for public access without a password, but the problem has not been solved.
Administrators can help secure the database by following these important steps during instance setup and after maintenance sessions:
- If the database does not need to be exposed, do not expose it.
- Keep database management systems up-to-date to reduce exploitable vulnerabilities.
- Use strong user authentication to access instances.
- Implement strong data encryption protocols for all stored information.
- Use database and web application firewalls with packet filters, packet inspection, and proxies.
- Use real-time database monitoring.
- Do not use default network ports that would expose instances to malicious scanning.
- Follow server segmentation whenever possible.
- Store offline backups of data in encrypted form.
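
As an added illustration (not part of Group-IB's report), the sketch below audits a Redis configuration file against three of the items above: network exposure, authentication and the default port. It relies on the Redis directives `bind`, `protected-mode`, `requirepass` and `port`; the finding labels and the sample configurations are constructed for this example, and ACL-based users are not considered.

```python
import ipaddress

DEFAULT_PORT = "6379"  # Redis default TCP port

def parse_conf(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    try:  # a leading "-" in a bind address means "skip if unavailable"
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" and hostnames are treated as network-facing

def audit(text):
    """Return finding labels (hypothetical names) for one redis.conf."""
    conf = parse_conf(text)
    binds = conf.get("bind", [])  # no bind directive: all interfaces
    exposed = not binds or not all(is_loopback(a) for a in binds)
    has_password = bool(conf.get("requirepass"))  # ACL users not considered
    protected = conf.get("protected-mode", ["yes"])[0].lower() == "yes"
    findings = []
    if exposed:
        findings.append("network-facing")
        if conf.get("port", [DEFAULT_PORT])[0] == DEFAULT_PORT:
            findings.append("default-port")
    if not has_password:
        findings.append("no-password")
        if exposed and not protected:
            findings.append("open-without-auth")
    return findings

# Constructed sample configurations
WEAK = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED = "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass EXAMPLE-long-random-secret\n"
REMOTE_WITH_AUTH = "bind 10.0.0.5\nport 6380\nrequirepass EXAMPLE-long-random-secret\n"

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK), ("hardened", HARDENED), ("remote", REMOTE_WITH_AUTH)]:
        print(name, audit(cfg))
```

A non-empty result for a production instance is a prompt to review the setup checklist above, not proof of compromise.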