A recent study found billions of records exposed in unsecured Elasticsearch and MongoDB libraries. These 10.5 billion pieces of consumer data reportedly included passwords, phone numbers, and email addresses. Three countries made up the majority of these records, with France accounting for 5.1 billion detected entries, China for 2.6 billion records, and the United States for 2.3 billion. Needless to say, for those users whose data was exposed, this is bad news — which highlights exactly why data security is so important.
Exposed data is bad news because of how it can be exploited for use in a variety of attacks. In the case of the Elasticsearch and MongoDB libraries, this data was stored in unprotected form, meaning that any malicious actors who wanted to use it would have to do very little in order to gain access to the information. Databases are extremely attractive to hackers. That is because they are central repositories which contain large quantities of valuable information, potentially including financial records, corporate data, and more. In recent years, large numbers of companies — including Facebook, Yahoo, Equifax, eBay and others, have been targeted by hackers.
Using leaked data to attack
Leaked data can open up a range of possible cyberattacks, such as credential stuffing. Credential stuffing is an attack that, in a pre-bot world, would make very little sense. It uses information obtained from data breaches to try and log in to other services. For example, if a cyber attacker has the username and password that someone uses to log into an ecommerce platform, they might try and see whether that same username and password combination could also log into a banking service.
As you might imagine, the success rate of this is extremely low since it is essentially a guessing game, assuming that people will not only reuse the same login credentials on different websites and services, but also that they are users of that particular service to begin with. The success rate for credential stuffing attacks is estimated at around 0.1%, meaning that only one out of every thousand attempts pays off. But while these attacks would be totally unfeasible if carried out manually by a human attacker, bots can rapidly attempt large numbers of logins, making the attack far more feasible.
Email addresses made available through data breaches could also be subject to spear phishing attacks, in which the user is targeted by emails that appear to be legitimate but, in fact, redirect recipients to websites that may contain malware. In some cases, the user might accidentally give up other information by entering confidential data, believing that they are logging into a service like a trusted email provider or bank account. Where hackers have received multiple data points about a user, they may use this information to customize spear phishing emails to make them appear more authentic and compelling.
How hackers can break in
There are a number of ways in which an attacker might gain access to a database. Non-existent or subpar encryption methods make it easy for hackers to break in and steal valuable information, just as leaving a wallet and car keys in full view of an open window would prove a straightforward theft for robbers.
Databases may additionally be hacked via system flaws. If the security is lax enough that hackers can gain access, they could be able to access sensitive database information. Such attacks might include the likes of SQL injections.
A large number of cyberattacks are also due to human error. The spear phishing attack mentioned above can be used to trick personnel with access to databases into giving up access. Similarly, third-party outsourcing can provide another way of confidential data being exposed, either accidentally or deliberately.
No one-size-fits-all solution
There’s no one-size-fits-all solution that will keep you safe from these attacks. Hackers are constantly on the hunt for new ways to gain access to confidential data because of how valuable this can be for them. But there are proactive steps that organizations can take. Ensuring strong authentication efforts can help block many attacks. For example, introducing account lockouts after a certain number of failed login attempts and multi-factor authentication may reduce brute force attacks. So, too, is it important to control privileged access to restrict the number of people who have high level access to systems that could result in damage if they are compromised.
Encryption is also something every organization should be taking extremely seriously to reduce the chance that unsecured customer or client data can be gathered by bad actors.
Monitor for suspicious behavior
Another critical step is to have a system in place that actively monitors for suspicious behavior. Cyber attackers will frequently find ways to hide their tracks to make malicious behavior appear to be that of legitimate users. But modern cybersecurity systems can keep close tabs on the requests being made so as to block threats before they have the opportunity to do any damage. Many systems can also capture and provide detailed audit trails laying out exactly who has accessed which data, when, and anything that was done to it once accessed.
If you’re not in a position to take all of these precautionary measures yourself, it’s a good idea to bring in the security experts. Having third-party security experts advise you on the best measures to keep data safe is an excellent decision that could help avoid some incredibly damaging situations. Data security is critical. Every organization should treat it as a top priority.