Security teams should brace for a potential onslaught of ransomware attacks – more troubling as workforces operate remotely during the pandemic – after the public-facing profiles of 235 million TikTok, Instagram and YouTube users were exposed through a misconfigured database.
“Since everybody is working remotely, those phishing attacks can compromise a personal device, which then connects to a corporate network and spreads the ransomware,” said Stephen Manley, chief technologist at Druva.
Misconfigured or open servers continue to turn up on the internet with alarming frequency, even after reports of high-profile data leaks and warnings of potential dire consequences. Many are the result of relaxed security in the development environment. “During the implementation of a production database, a large portion of the effort should be directed towards securing it and limiting access,” said Melody J. Kaufmann, cybersecurity expert at Saviynt. “Breaches like this occur when temporary databases or working sets of data are extracted either in the migration process or as a result of shadow IT being created to reduce reporting performance drag. Shadow IT circumvents controls because a user/admin desires expedited work.”
Regardless of their origins, misconfigured databases or systems that haven’t been hardened represent “a giant gaping wound” in organizational security, said Kaufmann.
The specific personal data left exposed in this instance can be used to craft “more effective spear phishing to attack an enterprise with higher risk, higher value data,” said Mark Bower, senior vice president at comforte AG.
That leaves organizations in the unfortunate position of having to fight on two fronts. “The bottom line here is enterprises need to be both protecting their own personal data to neutralize it from risk of theft and scraping, and ensuring employees don’t become the vector of exploits from attackers who quite literally have more socially exploitable data on them than the businesses they report to,” said Bower.