Thursday, January 05, 2017

Some thoughts on the MongoDB Ransom Attack

As reported on a number of news sites, there are a lot of unsecured MongoDB servers out on the Web. This has created a new business opportunity, and an ingenious hacker has found a business model: back up your MongoDB, trash its contents, and then leave a ransom note for getting the data back. I expect this is going to make a handsome earning.

Why, you might ask? The databases have almost certainly, in many cases, been set up by unskilled people; I will take a stab at it and say probably not the most competent DBA, or not even a DBA. My reasoning is that two things stick out that any decent DBA will have looked at, two key tasks of the DBA: backups and security. Any DBA worth his daily pay would have both of these high in mind. He would have questioned how the data is accessed and the connections from any website, and understood the architecture of the applications connecting to the databases being managed. The DBA would have constantly looked at how to lower the attack surface and had reliably tested backups, reducing the concern over any ransomware attempt.

So if you don't have a DBA and you are running databases, I would suggest this is a warning to you to either get a service or hire one, to make sure you don't have the opportunity to explain to your board, to shareholders.

See ya round

