Millions of MySQL servers (opens in new tab) were recently discovered to be publicly exposed to the internet, and using the default port, researchers have found.
Nonprofit security organization, The ShadowServer Foundation, discovered a total of 3.6 million servers are configured in such a way that they can easily be targeted by threat actors.
Out of the total 3.6 million, 2.3 million are connected over IPv4, while 1.3 million over IPv6. They’re all using the default TCP port 3306.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
"While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed," the non-profit explained in an announcement.
Misconfigurations lead to data compromise
Most of the servers are found in the United States (more than 1.2 million), with China, Germany, Singapore, the Netherlands, and Poland, also hosting significant numbers of servers.
Internet-connected servers are a major pillar in today’s enterprise, as it allows web services and applications to operate remotely. But misconfigured servers are one of the most frequent errors that lead to data loss (opens in new tab), as many ransomware attacks, and remote access trojan (RAT) deployments, have started with a misconfigured database.
Researchers have been very vocal about the need to properly secure databases, which includes strict user policies, changing and monitoring ports, enabling binary logging, keeping a close eye on queries, and encrypting all of the data, BleepingComputer reminds in its report.
> Many data breaches are being caused by misconfigured clouds (opens in new tab)
> Sega left a huge database of user information open to hackers (opens in new tab)
> Misconfigured web apps exposed millions of US personal records online (opens in new tab)
A report from IBM published in May 2021 claimed that 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure.
This time last year, the company polled 524 organizations that suffered a data breach between August 2019 and April 2020, and also found that the average cost of a data breach increased by half a million dollars during that time.
- These are the best database design software right now (opens in new tab)
Via: BleepingComputer (opens in new tab)