NoSQL-based stacks exposed to the Internet actively exploited


NoSQL technology has become more popular in recent years thanks to the development of new open-source NoSQL databases that are relatively easy to install, use and integrate with web frameworks. One popular example of such a framework is MEAN (MongoDB, Express.js, Angular.js, Node.js).

These NoSQL frameworks have become very popular for things such as content management, catalogs and big data in general. Some of the most popular NoSQL technologies include:

NoSQL databases are highly scalable and can process very large amounts of unstructured data. Many of these NoSQL databases hold some of the largest data repositories on the internet, notably Hadoop clusters, an ecosystem in which several NoSQL technologies are in place.

Perhaps by omission, or because many of these technologies are new, there does not seem to be an active effort to secure these huge data repositories, which are exposed to the internet and plagued with security weaknesses such as lack of authentication, lack of encryption and, in the best-case scenario, weak or default credentials.

The popularity of these frameworks makes them attractive for exploitation as malicious actors are constantly seeking resources for crime-driven operations such as spam, piracy, DDoS and profit-driven crypto mining. An example of the above is the recent report of California’s voter database being compromised and held for ransom.

Although NoSQL frameworks are not as prevalent as SQL-based frameworks (e.g. LAMP), they are just as vulnerable and just as targeted. The fact that these databases are often exposed to the Internet with default credentials (or no authentication) allows malicious actors to perform mass exploitation targeting such frameworks. Recent reports on a very large number of Redis servers exposed to the internet, and possibly compromised, indicate that malicious actors are using them for at-scale cryptocurrency mining operations.
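The weaknesses named above (reachable from outside the host, no authentication, weak or default credentials, no encryption) can be checked in a Redis configuration file before a server goes live. The following is an added example, not code from the advisory: the finding names, the weak-password list, the 16-character threshold and both sample configurations are constructed for illustration, and it inspects only the `bind`, `protected-mode`, `requirepass` and `tls-port` directives.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1"}
# Illustrative list only; "foobared" is the sample password shown in the stock redis.conf.
WEAK_PASSWORDS = {"foobared", "redis", "password", "admin", "123456"}

def parse_redis_conf(text):
    """Return {directive: [args]}; a repeated directive keeps its last occurrence (sketch assumption)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)          # handles quoted values such as requirepass "..."
        conf[parts[0].lower()] = parts[1:]
    return conf

def audit_redis_conf(text):
    """Flag the weaknesses the article lists. ACL users are not inspected, only requirepass."""
    conf = parse_redis_conf(text)
    binds = [a.lstrip("-") for a in conf.get("bind", [])]
    # With no bind directive Redis listens on every interface.
    beyond_loopback = not binds or any(a not in LOOPBACK for a in binds)
    password = (conf.get("requirepass") or [""])[0]
    protected = (conf.get("protected-mode") or ["yes"])[0].lower() == "yes"
    tls_port = (conf.get("tls-port") or ["0"])[0]

    findings = []
    if beyond_loopback:
        findings.append("listens-beyond-loopback")
    if not password:
        findings.append("no-auth")
    elif password.lower() in WEAK_PASSWORDS or len(password) < 16:
        findings.append("weak-password")
    if tls_port == "0":
        findings.append("no-tls")
    # Worst case: remote clients are accepted with no credential at all.
    if beyond_loopback and not password and not protected:
        findings.append("unauthenticated-remote-access")
    return findings

# Constructed samples: the weak setup described above, then a corrected one
# (TLS certificate directives omitted for brevity).
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED_CONF = ('bind 127.0.0.1 -::1\nprotected-mode yes\nport 0\ntls-port 6379\n'
                 'requirepass "constructed-long-random-secret-0001"\n')

if __name__ == "__main__":
    print("weak:", audit_redis_conf(WEAK_CONF))
    print("hardened:", audit_redis_conf(HARDENED_CONF))
```

A non-loopback bind address is not by itself proof of Internet exposure; whether the port is reachable also depends on firewalls and network placement, which a config file cannot show.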

To learn more and access remediation measures, please see the Threat Advisory.
