In its study “Are Unprotected Cloud Databases Leaking Your Data?”, the French company CybelAngel, which specializes in data leaks, details the consequences of poor access and information management in the cloud.
What happens when Elasticsearch databases are left exposed because someone forgot to configure a password, and unauthorized third parties can find and access the data?
CybelAngel’s latest sector alert focuses on this issue, which concerns more and more organizations.
According to an Oracle study (“2020: Top Ten Cloud Predictions”), seven in ten organizations will keep critical data in the cloud. Data migration to the cloud can help maximize flexibility and reduce costs.
But this shift can also expose organizations to increased digital risk. The rapid increase in data leaks is fueling the underground economy. The main effects are the growth of spam, phishing and social engineering attacks, and even business email compromise.
And these data leaks come at a cost that is far from negligible. According to the 2019 Ponemon Institute report, the average cost per lost record worldwide is around $150.
“When you multiply this average cost by the number of documents exposed between 2018 and 2019, configuration errors cost businesses around the world almost $5,000 billion,” CybelAngel says.
Elasticsearch databases are very exposed. Configuration errors accounted for 30% of all exposed documents. In addition, the number of breaches caused by Elasticsearch configuration errors almost tripled from 2018 to 2019.
More recently, CybelAngel analysts have observed a sharp increase in the number of unprotected databases that have been infected with ransomware.
“After investigation, our team of analysts identified a single group of hackers who were deleting records from unprotected databases using Elasticsearch and demanding a ransom. The Bitcoin address for payment has remained the same and shows no indication that payment has been made,” says CybelAngel.
CybelAngel says it detects leaks on average two months before data breaches become public: “It means our customers are notified of the data breach before their IP or product launch information is exploited by cybercriminals.”
That is enough to allow companies to remedy the data leak before it becomes a major data breach.
Source: CybelAngel