The MongoDB database was hijacked by a large-scale ransomware attack with more than 26,000 servers #精选GITHUBMYSQL

Yesterday, a big news burst, MongoDB Database Corporation was attacked. Just last weekend, three hacker gangs hijacked more than 26,000 servers in MongoDB, of which the largest group of more than 22000 units.

the "MongoDB Apocalypse" coming?

The attack was discovered by security experts Dylan Katz and Victor Gevers, who they call the "MongoDB Apocalypse" continuation. The so-called "MongoDB Apocalypse" event began at the end of December 2016 and lasted until the first months of 2017.

It is reported that a number of hacker organizations involved in the attack, they hijacked the server, with the ransomware program to replace the normal content. Foreign media say most of the compromised databases are using test systems, some of which may contain important production data. Some companies eventually had to pay the ransom, and it turned out that the attackers had not mastered their data at all and had been put together.

three new hacker gangs surfaced

Security experts tracked the attack using Google Docs spreadsheets, totaling more than 45,000 databases (more likely). In fact, in addition to MongoDB, several other well-known databases are not spared, ElasticSearch, Hadoop, CouchDB, Cassandra and MySQL servers have been hijacked.

This spring and summer of the turn, once the noisy attack gangs gradually silencing the ruins, the number of hijacked servers also showed a downward trend. Just last week, three new hacker groups were again on the attack, and security experts targeted their e-mail through ransom notes.

the number of attackers is reduced, but the damage does not fall against the rising

Victor Gevers, the discovery of the attack, is the chairman of the GDI Foundation, in addition to being a seasoned security expert.

The GDI Foundation is a nonprofit organization dedicated to maintaining network information security, and this year has seen the efforts and results of the GDI Foundation from the AWS S3 Cloud service platform Security to the Jenkins, Eternal Blue events, and GitHub reports.

In the interview, Gevers mentioned:

Although the number of attackers has decreased, the damage to each attack is increasing (the number of servers hijacked is only high). Now we have to study carefully, in the end is the lack of skills or safety awareness? Why does the database system continue to run in an older version? Or is there a latent loophole that has not yet been discovered by us?

Gevers also said he had to introduce a group of external experts to assist in the analysis of MongoDB issues. The GDI Foundation has a lot of work to do and is really busy.

Via freebuf.com

The MongoDB database was hijacked by a large-scale ransomware attack with more than 26,000 servers #精选GITHUBMYSQL