How secure is your database?

Justin Farmer · Published in Hack-Fu · 2 min read · Jan 9, 2017

Hackers are taking advantage of misconfigured MongoDB databases

Hackers have recently been holding misconfigured MongoDB databases for ransom, over 27,000 of them! This is no different from the ransomware attacks that compromise and lock a computer until the ransom is paid. Instead of compromising just one computer, though, this new attack steals a complete database, deletes it from the server, and holds it for ransom.

As usual, the hackers are accepting Bitcoins as payment, which is as anonymous as you can get. The hackers are requesting 1 Bitcoin, which is around $900 USD. If the payment is made, the hackers supposedly will give you back your hijacked database. Keep in mind that you’re dealing with a thief, so there is no guarantee you’ll get anything back.

That’s all your data!

Think about what you store in a database: User, payment, customer, accounting, information on everything! Databases are the backbone of most web applications on the Internet now. If your site relies on a database, then you’re screwed if it’s no longer there. Since the database is supposedly stolen, this is considered a data breach. If it were me, I’d make a copy of the database regardless of whether you pay the ransom or not. Eventually, I’d sell it on the black market and make some extra dough. But we’re the good guys here and our goal is to protect you.

Why is this happening?

It’s happening because database administrators aren’t securing their installations of MongoDB. In fact, the hackers are taking advantage of default installations of MongoDB that leave the administrator password blank! This is a security 101 no-no! It’s no different than taking a new router out of the box and installing it on your network without doing anything else. Tsk… tsk!

Fixing your insecure MongoDB database

What can you do to fix your insecure MongoDB database? Here are a few simple steps:

  1. Set passwords for all of your user accounts, especially the Administrator one.
  2. Enable authentication in your MongoDB config file (auth = true).
  3. Restrict remote access to your MongoDB server.
  4. Update to the latest version of MongoDB.
  5. Check out what the MongoDB team have put together to help you secure your server.
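
As an added example (not code from the original post or from MongoDB), the script below audits a config file for steps 2 and 3. It assumes the legacy `key = value` config format that `auth = true` belongs to, and it treats a missing `bind_ip` as listening on every interface, which you should confirm for your MongoDB version. The finding labels and sample configs are constructed for illustration.

```python
# Added example: audit a legacy-format (key = value) mongod config file.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def audit(text):
    """Return findings for authentication (step 2) and remote access (step 3)."""
    opts = parse_conf(text)
    findings = []
    if opts.get("auth", "false").lower() != "true":
        findings.append("auth-disabled")
    if opts.get("noauth", "false").lower() == "true":
        findings.append("noauth-set")
    # Assumption: with no bind_ip line, mongod listens on every interface.
    addrs = [a.strip() for a in opts.get("bind_ip", "0.0.0.0").split(",") if a.strip()]
    exposed = [a for a in addrs if a not in LOOPBACK]
    if exposed:
        findings.append("non-loopback-bind:" + ",".join(exposed))
    return findings

# Constructed sample configs, not taken from any real server.
WEAK = """
# mongod.conf
dbpath = /var/lib/mongodb
port = 27017
#auth = true
"""
HARDENED = """
dbpath = /var/lib/mongodb
port = 27017
bind_ip = 127.0.0.1
auth = true
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A non-loopback bind address is not always wrong, but each one reported should be matched by a firewall rule that limits which hosts can reach the MongoDB port.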

What else can you do?

Think hard… if your MongoDB system is insecure, what other systems on your network could be misconfigured or have weak security? Going through all of those systems by hand is a difficult and time-intensive task, which is where Neo can help you out.

Justin Farmer
Startup Founder @myneobot, Cybersecurity Extraordinaire, Hockey Player