
Malicious actor holds at least 31 stolen SQL databases for ransom

By Bradley Barth for SC Media
Wednesday, May 27, 2020

One year ago, in May 2019, the “Unistellar” hacking group made news after reportedly accessing thousands of unsecured MongoDB databases and replacing their contents with a message instructing owners to contact them via a Unistellar email address, apparently so they could deliver ransom payment instructions.

“In today’s pandemic-bolstered e-commerce sector… most of the newly deployed web applications are insecure and vulnerable,” said Ilia Kolochenko, founder and CEO of ImmuniWeb. “We will likely see a protracted surge of new attacks targeting careless web shops. Most of them are unfortunately poised to be highly successful, and costly for the victims.”

To prevent such incidents in the future and protect confidential data, Cook advises that organizations begin by “first understanding the technologies being used to house the information and then taking steps to threat model how various forms of access could be possible. We recommend organizations perform proactive security reviews of their technologies as well as tabletop exercises that walk them through various incident scenarios. These exercises will help them determine what actions they could take before a breach happens, as well as helping them understand their current capabilities/gaps.”

