According to German information technology security researchers, it takes only 13 seconds for cyber hijackers to wipe databases from vulnerable MongoDB servers.
Over the past few years, hackers have been stealing a variety of data from unprotected MongoDB-based servers and holding the databases to ransom the server owners. Hackers who wanted to draw attention to the issue leaked 36 million internal bugs stolen from some vulnerable servers.
John Matherly of Shodan revealed the seriousness of the situation by explaining that in 2015 there were more than 30 unprotected MongoDB databases. More recently, information technology security researchers at the German company Kromtech put up a vulnerable MongoDB database to carry out a ‘small’ experiment.
The researchers created a honeypot, a mechanism for detecting and preventing the unauthorized use of information systems, and planned to use this bait to determine and measure the depth of the hijackers' attacks against MongoDB. But the hijackers managed to surprise even the security researchers.
According to Kromtech’s blog post, the honeypot contained 30 GB of fake data. It took only 3 hours for the hijackers to identify the honeypot database. Wiping the database and leaving a demand for 0.2 Bitcoin took only 13 seconds. Yes, the honeypot's whole database was wiped by the hijackers in 13 seconds.
According to the researchers, the fact that all operations were completed in 13 seconds indicates that this was an automated script. As you can imagine, the security researchers warn that you should never pay a ransom in such a case, because the hijackers have already erased the data. To avoid such a situation, you have to pay close attention to data protection and backups.