We setup a honeypot to see how long for hackers find unsecured database
We setup a honeypot to see how long for hackers find unsecured database
If you think leaving user data exposed online for “just a day” is no big deal, think again. We setup a honeypot to see just how quickly hackers find unsecured data.
Led by researcher Bob Diachenko, the team set out to find “If you leave a database unsecured on the web, how long does it take hackers to find and steal it?” They created a simulation of a database on an Elasticsearch instance and put fake user data inside of it. Then they left it publicly exposed to see who would connect to it and how they would try to steal, scrape, or destroy the data.
Key findings include:
· 175 attacks beginning just 8 hours after deployment
· Ransomware bot destroyed the data
· Attacks originated in the USA, Romania, and China
More details including the types of attacks can be found in the blog post.
We setup a honeypot to see how long for hackers find unsecured database
Hugh Taylor
Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.