Researchers have discovered hundreds of thousands of databases exposed to the public-facing internet over the past year, putting them at risk of compromise, according to Group-IB.
The Singapore-based cybersecurity company’s Attack Surface Management team said it continually scans the IPv4 landscape to identify external-facing assets hosting exposed databases, malware, phishing panels, JS-sniffers and more.
It claimed to have found 399,200 exposed databases in this way from Q1 2021 to Q1 2022 and 308,000 in 2021. The number increased by 16% from the first to the second half of the year.
Most of those discovered in 2021 used the Redis database management system, followed by MongoDB, Elastic and MySQL.
The same techniques used by Group-IB could be deployed by threat actors to find and compromise these assets. They could potentially hold them to ransom or even engage in destructive attacks.
Researchers last month claimed that 90% of a random sample of Russian databases they found exposed had been accessed and either deleted or had file names changed by pro-Ukrainian actors.
Unfortunately, organizations struggle to gain visibility into and control over these exposed assets.
Group-IB claimed it took an average of 170 days in Q1 2021 and Q1 2022 for database owners to fix the misconfiguration issues.
Most (93,685) of the exposed assets discovered by the security vendor were in the US, followed by China (54,764), Germany (11,177) and France (9723).
Tim Bobak, attack surface management product lead at Group-IB, argued that these issues could be resolved relatively easily.
“Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error,” he added.
“A public-facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all companies need to have complete visibility over their attack surface.