MySQL is the Next Target of Blackmailers
As we mentioned in the previous post, the year 2017 began with thousands of publicly accessible MongoDB instances being attacked and held for ransom by cybercriminals. After MongoDB servers, the attacks quickly reached ElasticSearch clusters, Hadoop, CouchDB and Cassandra servers. MySQL also made it to the list of the affected databases. Attackers hijacked hundreds of MySQL databases deleting their contents and demanding ransom for returning the files.
MySQL is one of the most popular open-source database management systems with a lot of major companies across the globe using it to store their data.
As reported by investigators all attacks were emanating from a Dutch web hosting company. The attacks relied on brute-forcing or guessing the root password for MySQL instances. After getting into the database, attackers added a new table containing a ransom note and then wiped out all databases found on the compromised server, in most cases without dumping them.
As with other database attacks earlier this year, multiple companies permanently lost their data even if they had paid the ransom. In many instances, extortionists simply wiped the data for good without having copied the information over.
This is not the first time MySQL servers have been attacked and held for ransom. Similar series of attacks happened in 2015, when hackers used unpatched phpBB forums to penetrate databases and hold websites for ransom.
Properly securing enterprise databases is a complex ongoing process. But over the years, security professionals came up with basic steps and strategies that may look simple and obvious but still guarantee a decent level of data protection. Neglecting of those causes the consequences described and makes breaking into databases shockingly easy – malicious attackers succeed using the simplest methods and tools. So, to prevent cyber attacks on databases and secure business information, we highly recommend IT groups to follow well-known security practices: