Data Breaches Caused by Misconfigured Servers

Misconfigured server infrastructure is often considered one of the most significant causes of data breaches within the IT industry. This human error phenomenon is usually unintentional, but it can have catastrophic consequences regarding the exposure of sensitive personal information as well as potentially damaging the reputation of your business.

Data breaches have gathered a lot of news coverage, especially in recent years and it is, unfortunately, a trend that appears to be on the rise. Data is a valuable asset, especially to hackers who are constantly targeting vulnerable systems.

It is difficult to offer exact figures of data breaches directly as a result of misconfigured servers, however, data sources such as the suggest that there were approximately 1579 reported data breaches in 2017 in the United States. 11% (circa 174) were data breaches directly attributed to unauthorized access, their evidence also suggests that business data breaches are on the rise.

Data breaches can often be the result of user error, typically when an operator has misconfigured a platform or server which has resulted in the ability of an external entity to gain unauthorized access. The number of data records breached is staggering. Each data breach can affect millions of people’s personal details.

With the proliferation of cloud computing, many businesses are choosing to move their computing operations to the cloud, these systems will often contain sensitive information which requires adequately protecting. When a business chooses to make the jump to the cloud, important decisions must be made about which technical teams will drive the transition and ensure the security of the cloud platform.

Securing data will always introduce a layer of complexity for users when accessing data. If the transitional team lacks the knowledge and understanding of a new cloud platform and the security requirements of it, or indeed if no formal training has been offered to the teams, then it is easy to realize why misconfiguration can happen.

Cloud computing often simplifies the process of deploying Information Technology services; however, it is paramount that users understand the principle security concepts of their chosen cloud provider. A simple misconfiguration can open your server up to remote access by anyone with an internet connection, or allow data to be accessed in a similar fashion.

Many of the prominent examples of misconfigured data breaches relate to incorrectly secured cloud services. In October 2017, private customer information, certificates, 40,000 passwords and other sensitive data from Accenture customers was left open to public access with a misconfigured AWS S3 storage bucket. Essentially any person on the internet could have accessed the files providing they knew the S3 bucket ID, despite this, Accenture claimed that no third party gained unauthorized access.

Another high profile example is that of Tesla where hackers compromised several servers hosted on AWS S3 Compute nodes to mine bitcoin. This breach enabled unauthorized code to be executed within several Kubernetes instances to run bitcoin mining scripts. This extensive compute resource would have given the hackers significant compute power to mine bitcoin transactions ultimately giving them a revenue.

BJC Healthcare reported an unsecured server was left open to internet access between May 2017 to January 2018, it is reported that patient data including driving licenses, insurance details and treatment documentation was stored on the server. Personal data such as names, addresses, telephone numbers, and social security numbers were also vulnerable. BJC published a statement claiming no data was accessed during the time the server was at risk.

These examples highlight the organization’s lack of care taken when securing sensitive data services within the cloud. Other typical targets can include unsecured website backbend’s (such as WordPress or Apache consoles) and open unencrypted NAS devices that listen to incoming internet traffic.

SMB and FTP file servers are also commonly targeted, misconfiguration here often occurs when businesses share data with customers and external parties. If an FTP server is misconfigured, it is very easy to open the entire server up to unauthorized access to the file system, potentially exposing confidential data, and giving third parties access to each other’s data.

Having confidence in your cloud service provider is an important decision when choosing to join the cloud revolution. Securing data and IT services is one of the key reasons why businesses choose to outsource this responsibility to an experienced third-party managed service provider with a track record and expertise of getting the security configuration correct first time.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.