Hundreds of Elasticsearch databases targeted in ransom attacks
Security News, June 2022
Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000.
This campaign is not new: we have seen similar opportunistic attacks numerous times before, including against other database management systems [1, 2, 3]. Restoring the database contents by paying the hackers is an unlikely scenario, because storing the data of so many databases would be practically and financially unfeasible for the attacker.
Some of these databases support online services, so there's always the risk of business disruption that could cost a lot more than the small amount demanded by the crooks.
For as long as databases are left exposed to the public internet without being properly secured, these opportunistic attacks will continue to target them.
A recent report by Group-IB shows that over 100,000 Elasticsearch instances were found exposed on the web in 2021, accounting for about 30% of a total of 308,000 exposed databases in 2021.
According to the same report, it takes database admins an average of 170 days to realize they have made a configuration mistake, leaving plenty of time for malicious actors to perform attacks.
Related vendor
VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
Elasticsearch | 8 | 0 | 14 | 1 | 0 | 15 |