Computer security experts have detected a worldwide virus attack on MongoDB servers that has caused web applications and sites to malfunction on a global scale.
MongoDB Virus Attack Launched Globally
Security professionals have detected a series of malware campaigns that seek to penetrate MongoDB servers worldwide. The MongoDB server virus attacks have so far impacted more than 26 000 machines in the last week alone. According to the researchers, this is the second wave targeting this platform this year. Large Internet services that rely on MongoDB experienced similar intrusion attempts at the end of 2016 and the beginning of 2017.
When the earlier attacks commenced, the experts tracking the hacker campaigns published several security tips that aid in preventing and recovering from such attacks:
- Database administrators should refer to the security manual and other documentation that describes the baseline measures needed for a secure deployment.
- The basic security concepts should be implemented on every production machine ‒ authentication enforcement, access controls, network exposure limitation and other related best practices.
- Continuous backup copies should be stored on secure servers.
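As an added example (not from the article and not MongoDB's own tooling), the following Python script audits a mongod.conf for the two tips above, authentication enforcement and network exposure limitation. It assumes the YAML mongod.conf format with the real `security.authorization`, `net.bindIp` and `net.bindIpAll` options, parses only the indented `key: value` subset such files use, and the two sample configurations are constructed.

```python
def parse_conf(text):
    """Parse indented 'key: value' lines of a mongod.conf into nested dicts (YAML subset)."""
    stack = [(-1, {})]                           # (indent, mapping) pairs, root at the bottom
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop comments and trailing blanks
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:            # leave sections nested deeper than this line
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":                  # section header such as "net:"
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value.strip()
    return stack[0][1]

def audit_mongod_conf(text):
    """Return findings for the two tips; an empty list means both are satisfied."""
    conf = parse_conf(text)
    net, security = conf.get("net", {}), conf.get("security", {})
    findings = []
    # Authentication enforcement: authorization is off unless explicitly enabled.
    if security.get("authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': any client reaching the port has full access")
    # Network exposure limitation: bindIpAll overrides bindIp; bindIp may be a comma or flow list.
    bind = net.get("bindIp")
    if net.get("bindIpAll") == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")
    elif bind is None:
        findings.append("net.bindIp is not set: releases before 3.6 listened on all interfaces by default")
    else:
        addrs = [a.strip().strip("'\"") for a in bind.strip("[]").split(",")]
        if "0.0.0.0" in addrs or "::" in addrs:
            findings.append("net.bindIp includes a wildcard address: mongod listens on every interface")
    return findings

# Constructed sample files: an exposed configuration and a hardened one.
EXPOSED_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0          # constructed: every interface, and no security section at all
"""
HARDENED_CONF = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # constructed: loopback plus one application host
security:
  authorization: enabled
"""
```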
The hacker attacks that took place last week were operated by three separate criminal groups. There are several scenarios that can explain the origins of the intrusion attempts. One possibility is the use of automated vulnerability testing applications that probe target machines with known exploits. The hacker groups have probably gathered enough computational resources, or used a botnet, to carry out the necessary testing in order to infect targets of this magnitude.
Another version proposes that the attacks are part of a larger organization that attempts to compromise as many MongoDB servers as possible. The hacker attacks have the intent of stealing information and infecting the machines with malware of all kinds. We can say for certain that such MongoDB virus attacks showcase the dangers of not protecting production machines against hacker intrusion attempts.
The Latest MongoDB Virus Attack Reveals a Lack of Security
According to the security experts, the hackers targeted all accessible MongoDB instances. A sequence of malicious actions followed, which is reported to proceed as a routine of commands:
- Initial Intrusion ‒ The hackers use automated exploits to access the running MongoDB servers.
- Sabotage ‒ Once the criminals have access to the database, they use commands to delete all stored information.
- Blackmail ‒ The content is replaced with a ransom note that extorts a payment from the victims.
Unfortunately the MongoDB virus attack has led to intrusion attempts against other related technologies and products as well, for example ElasticSearch, Hadoop, Cassandra, MySQL and CouchDB. At the moment three separate groups are reported to have infected computers on a larger scale. They are email@example.com (22 449 infected machines), firstname.lastname@example.org (3516 infected machines) and email@example.com (839 infected machines). They demand a varying fee of 0.05 to 0.2 BTC, payable in the Bitcoin cryptocurrency.
Even though a large part of the compromised database servers were found to be development and test instances, the large-scale hacker attacks show that such incidents can impact larger systems and networks. According to the annual network security reports, a large part of the system administrators in all major industries are not able to effectively cope with all hacker intrusion attempts. At the moment the security experts are working to uncover the exact vulnerability that was exploited.