On January 6, I received a notice that over 10,000 MongoDB databases have been deleted by various groups of hackers over the last few days, confirming today’s security models are broken. I was shocked and wanted to investigate further, so I connected with Cryptzone for comment and scheduled a podcast interview with Jason Garbis, CISSP and VP of Products at Cryptzone.
By the time we connected for the podcast, more than 30,000 NoSQL databases had been compromised, had their data deleted or stolen, and, in many cases, had ransoms demanded.
To combat this, Cryptzone has rolled out the latest version of its Software Defined Perimeter offering, AppGate. AppGate transforms network security, employing an “authenticate first, connect second” approach.
Jason’s notes about the MongoDB and other NoSQL database attacks:
“Attacks, such as those against NoSQL databases, are exceptionally damaging but, frustratingly, they’re also preventable.”
“Exposing any system to the ‘Internet Cesspit’ is fundamentally a bad idea. All systems have weaknesses – whether it’s a vulnerability, poor configuration or inadequate controls. It’s far too easy for an attacker to use Shodan (a powerful search engine) to discover and then violate them.”
“Rather than putting all of their systems in the shop window, particularly one that doesn’t even have any glass to protect it, companies must wake up to the realization that a new approach to network security is required. Taking an identity-centric approach, so one that only permits authorized users to access resources, would effectively brick up the window to anyone that doesn’t know it’s there, locking the attackers out and rendering their malware impotent.”
Preston and I interviewed Jason about these recent exploits and found that the solution to the problem is very simple, but obviously overlooked.
Podcast details: Length: 17:59 minutes. Format: MP3. Rating: G for all audiences.
Think about the security of any data that’s exposed directly to the Internet or that’s exposed via a web application. Set up two-factor authentication as an added measure against data exploitation.