Fujitsu’s Cyber Threat Intelligence Unit releases Mongo DB investigation report
January 2017 by Fujitsu
Fujitsu releases its investigation report on MongoDB vulnerabilities, as prepared by its Cyber Threat Intelligence Unit (CTIU). Following the recent MongoDB ransom attacks, the unit has been working to identify exposed MongoDB databases. Containing real world examples, the report articulates how these attacks can occur, and how they can be prevented.
Mongo DB – a free, open source, document-orientated database program – is not necessarily dangerous in itself, but the threat comes from unsecured Mongo databases requiring no authentication. Tens of thousands of the recent MongoDB ransom attacks occurred in this way. Our Cyber Threat Intelligence unit regularly identifies and analyses exposed databases to help companies better understand how to protect themselves. This report serves as an introductory guide to organisation who feel they may already be vulnerable, and a warning to those who may have become complacent in their data security protocols.
Bryan Campbell , Senior Security Researcher at Fujitsu, added: “Attacks on insecure databases can have devastating consequences, with the personal information of millions of people exposed on the internet just last year. It’s a sign that, in today’s threat landscape, organisations can no longer afford to be complacent when it comes to security. We believe sharing our findings is the best step towards preventing these types of attack, and that with effective vulnerability management tools, and by utilising threat intelligence services, we can stop the cyber criminals targeting these databases”.