Unistellar ransom attackers destroy 12 thousand MongoDB databases

Independent internet security specialist Sanyam Jain discovered more than 12 thousand MongoDB databases destroyed by cybercriminals.

The attackers delete all records from the storage and invite the victim to contact them to restore the information. Experts link the attacks to the previously unknown Unistellar group.

"I first noticed the attacks on April 24, when I initially discovered a wiped MongoDB database which, instead of the huge quantities of leaked data I was used to finding, only contained the following note: “Restore ? Contact : unistellar@yandex.com”," said Sanyam Jain.

Unistellar’s campaign began at the end of April this year and affected a database with information about 257 million Indian citizens, which security specialist Bob Diachenko had found openly accessible. The researcher discovered the unprotected storage, which contained personal identification data, on April 23. The records included names, phone numbers, emails and physical address details.

The specialist reported his finding to the Indian Computer Emergency Response Team (CERT-In); however, the database remained available only until May 8, when the Unistellar cybercriminals destroyed it.

Experts say that the cybercriminals use an automated script that looks for unprotected MongoDB databases and erases the information they contain. The malware then adds lines to the emptied databases proposing that the victim write to one of the attackers' email addresses to restore the data.

Wiped MongoDB databases found

Analysts note that the attackers create restore points, though it is not clear whether they make backup copies of the destroyed databases. Tracing ransom payments is also not possible, because the cybercriminals do not publish digital wallet numbers and give them to victims only in private correspondence.

Diachenko discovered on the Internet about 150Gb of data collected by the Verifications[.]io marketing agency. The MongoDB database contained more than 800 million emails, dates, names, phone numbers and other data about private persons and organizations. Later, other researchers discovered two more storages that belonged to the company, which brought the volume of compromised data to 2 billion records.

How to protect information.

These attacks can happen only because the MongoDB databases are remotely accessible and access to them is not properly secured. This means that the database owners can easily prevent such attacks by following fairly simple steps designed to properly secure their database instances.

MongoDB provides details on how to secure a MongoDB database by implementing proper authentication, access control, and encryption, and also offers a security checklist for administrators to follow.

Source: https://www.bleepingcomputer.com
