- Over 200,000 MongoDB servers misconfigured, 3,000 exposed without password
- Hackers wiped databases and left ransom notes demanding bitcoin payments
- Many servers are running outdated versions, vulnerable to DoS and persistent access
If you’re running a MongoDB instance, you may want to double-check your configuration: experts report that hackers are breaking into exposed servers to extort money from their owners.
Security researchers at Flare reported discovering more than 200,000 misconfigured MongoDB servers whose data is accessible to anyone who knows where to look. About half of them expose operational information, and about 3,000 are accessible without a password.
Of those that are easily accessible, at least half have already been broken into: their contents have been erased. An anonymous threat actor left a ransom note, demanding $0.005 in Bitcoin ($387 at the time of publication). It is possible that many of the other half were also compromised, but that their owners decided to pay the ransom and restored their data.
How to stay safe
The threat actor repeatedly uses five BTC addresses to receive the funds, with one of the five being the most active.
We don’t know how many transactions the wallet contains, or how many people paid the ransom demand, or whether the attackers keep the wiped databases or simply demand payment for nothing.
Flare also said that potential victims number well over 3,000 servers. Apparently, about half (95,000) of all instances inspected were running older versions of MongoDB, which are vulnerable to various known and unknown flaws that can also be exploited for persistent access.
However, most of the n-day vulnerabilities affecting these older versions can be used for denial of service (DoS), not data exfiltration or remote code execution. Generally, administrators should ensure that their MongoDB instances are not exposed to the Internet. If an instance has to be exposed, administrators should at least ensure that passwords are strong, that firewall rules and Kubernetes network policies are strict, and that configurations are not copied from deployment guides.