Researchers on Wednesday reported that in the second half of 2021, the number of public-facing databases increased by 16% to 165,600, with most of them stored on web servers in the United States.
In a blog post, Group-IB’s Attack Surface Management team said the number of databases exposed to the open web has been growing every quarter to reach its peak of 91,200 in Q1 2022.
Corporate digital assets that are not properly managed undermine a company’s security investment and increase the attack surface, Group-IB experts warned.
“The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured,” said the researchers.
In most cases, all it takes for things to go south is minor configuration changes to the database service or firewall, said John Bambenek, principal threat hunter at Netenrich. Bambenek said that, in general, this means seconds of effort, adding that security teams should manage cloud instances with Puppet, or a similar tool, to ensure all operating systems are hardened by default.
“You can’t expect DevOps engineers to do it after the fact,” said Bambenek. “This reduces the effort to near zero after the management system is in place. Often, I find exposed services in enterprises because of a lack of management over development resources. Engineers spin up an AWS instance and go to town. It’s rare that such databases have real data. However, those systems can and are often abused for other threats such as phishing, cryptomining and malware hosting.”
Mike Parkin, senior technical engineer at Vulcan Cyber, said while there are some technical differences between a cloud deployment and one done on-premises, the fundamentals remain the same.
“Securely configuring a database and its environment is best done right at the start, when putting in minimal extra time and effort can lead to much lower long-term risk,” Parkin said. “And deploying the right tools and procedures to keep the database safe and secure is a required next step.”
Ryan Thomas, vice president of products at LogicHub, said this disturbing trend probably has less to do with the pandemic, and more to do with the way app development has dramatically changed. Thomas said that it’s become very easy for developers to build apps with open-source tools, serverless architectures, and in-memory data storage for rapid access to huge amounts of data.
“The few extra steps to consistently secure this data are far too easily overlooked, and developers often test new apps with realistic data, or take ‘temporary’ shortcuts with good intentions of securing the data later — which is easy to forget about,” Thomas said. “Security always requires that we slow down, understand the data we have, and have enforceable governance. But in the development ‘Wild West’ it’s far too easy to ignore the basics and assume it’s someone else’s problem.”