Join our subscribers
Hacker hijacks 23k misconfigured MongoDB databases; threatens to leak data
Thursday, July 2, 2020
A hacker has uploaded ransom notes on as many as 22,900 misconfigured MongoDB databases after wiping their content, thereby forcing hundreds of companies to either pay up or lose their data altogether.
Organisations that misconfigure MongoDB databases must face legal action
Commenting on a hacker gaining access to and wiping data from almost 23,000 MongoDB databases, Ilia Kolochenko, Founder & CEO of ImmuniWeb, said that this large-scale extortion campaign may bring a powerful boost to cybersecurity awareness as many organisations carelessly expose terabytes of confidential and sensitive data online in unprotected cloud or databases.
“I think governments should mandate special agencies or law enforcement teams to crawl and monitor the Internet for such leaks affecting their jurisdictions. Once detected, legal action should be taken against the company behind the leak and all costs of the monitoring and investigation should likewise be imposed on the guilty company.
“Organisations, on their side, should urgently implement continuous attack surface monitoring and implement a well-though third-party risk management program. Today, many disastrous incidents and data exposures stem from negligent suppliers or vendors that have a privileged access to the data of their clients and fail to properly secure it.
“Paper-based questionnaires won’t help, and more proactive monitoring of attack surface and Dark Web for the data stolen from your suppliers is a requisite in 2020. Otherwise, we will certainly see a steady surge of such leaks,” he added. Read Full Article
SiliconANGLE: UC San Francisco pays $1.14M to hackers following ransomware attack
Information Security Buzz: Comment: University of California paid £1 Million ransom to Cyber criminals
