MongoDB Ransomware Attacks Show Need For New Security Techniques
The recently reported ransomware attacks on MongoDB are shocking not just for their sheer number (over 28,000 and counting) but also for how easily the databases were compromised. The attacks required no sophisticated malware or hacking schemes. They took advantage of poor administrative practices, and they are a reminder of the need for both preventative measures and real-time threat detection.
How Did This Happen?
The technique behind the MongoDB ransomware attacks is surprisingly simple. It takes advantage of the fact that many MongoDB servers, as well as other types of database instances, have their access ports open to the Internet with no authentication enabled. The hackers simply scan for the default ports (27017 and 27018 for MongoDB). Once an open port is located, a login attempt is made. If no administrative credential is required, the hackers can take full control of the database.
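The two conditions described above (a listener reachable beyond localhost and authentication left off) can be checked directly in a server's mongod.conf. The following is an added example, not code from the original article: the helper names flatten and audit are hypothetical, the parser handles only the simple nested YAML that mongod.conf normally uses, and both sample configurations are constructed.

```python
# Added example: static audit of a mongod.conf for the two weaknesses above.
# WEAK_CONF and HARDENED_CONF are constructed samples, not real configurations.
WEAK_CONF = """
net:
  port: 27017
  bindIp: 0.0.0.0        # reachable from any interface
security:
  authorization: disabled
"""
HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def flatten(conf_text):
    """Flatten mongod.conf's nested 'key: value' YAML into dotted option names."""
    flat, stack = {}, []  # stack: (indent, key) of the enclosing sections
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # leave finished sections
            stack.pop()
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return flat

def audit(conf_text):
    """Return findings; an empty list means neither weakness is present."""
    c = flatten(conf_text)
    auth_on = c.get("security.authorization", "disabled").lower() == "enabled"
    # Assumption: an unset bindIp means localhost (the MongoDB 3.6+ default).
    addrs = {a.strip() for a in c.get("net.bindIp", "127.0.0.1").split(",")}
    exposed = c.get("net.bindIpAll", "false").lower() == "true" or bool(addrs - LOOPBACK)
    findings = []
    if not auth_on:
        findings.append("security.authorization is not enabled")
    if exposed:
        findings.append(f"port {c.get('net.port', '27017')} is bound to a non-loopback address")
    if exposed and not auth_on:
        findings.append("CRITICAL: network-reachable with no authentication")
    return findings
```

Calling audit(WEAK_CONF) returns three findings, including the critical combination, while audit(HARDENED_CONF) returns an empty list.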