In order to highlight cyberthreats in critical global industries, the WizCase team has been carrying out ongoing cybersecurity research. With some of our recent research, we looked into data leaks in the medical industry and data leaks in online education, both critically important and severely overlooked. Having looked at several specific industries, we thought it would be good to analyze general server breaches that can affect any company that runs databases. Over the past 10 years, there have been over 300 data breaches of servers containing over 100,000 records — enormous quantities of data that can wreak havoc on companies and their users alike.
The tool tracks and displays multiple variables to expose the severity and magnitude of global breaches:
Manually enter a period of time to be shown server analytics for.
The overall number of servers scanned in the given time period.
How many of the scanned servers were running an Elasticsearch database.
How many of the Elasticsearch databases were left accessible without secure authentication.
What percent of databases were accessible without secure authentication, required a password, or blocked access completely.
Which percent of scanned Elasticsearch databases were below 1GB, between 1-100GB, or over 100GB.
The number of publicly accessible files from all unprotected Elasticsearch databases in a given time period.
How many insecure servers were targeted with attacks such as Meow, resulting in data theft or deletion.
Depending on the type of data stolen during a breach, there are multiple ways in which it can be used against those who had their data exposed:
Stolen data could be used for direct financial gain if information like credit card details are stolen, or could be used for identity theft if sensitive personal details are obtained.
Attackers could use the acquired information to blackmail exposed parties, especially with sensitive healthcare information or financial details.
Stolen information can be used to access accounts on different services if identical login credentials are used, or to access the account linked to the breached provider.
If enough personal information is collected, it can be used to tailor highly effective phishing attacks or scams. This can trick people into revealing even more sensitive data like credit card or banking information.
Data breaches don’t only affect those whose data was stolen, but also those who were initially entrusted to keep the data safe. Companies affected by a data breach are likely to suffer from:
With the global nature of many businesses, a data breach likely means legal issues in several jurisdictions. This can result in extreme legal costs that may even pose a threat to the company`s existence.
Loss of customer trust after a significant breach is likely to be huge. Customers rely on companies to keep their data safe, so when they fail to there is a good chance of them taking their business elsewhere. In fact, the average cost of lost business following a data breach is around $1.4 million.
From intellectual property to financial details, stolen data could lead to considerable losses in various forms.
Failing to comply with data protection regulations comes at a more direct cost in the form of fines. For instance, the 2017 Equifax data breach resulted in the US Federal Trade Commission fining the company up to $700 million.
The current biggest data breaches in history affected some of the largest and most trusted companies in existence. It’s no surprise that two-thirds of people online had their records stolen or compromised by 2018.
It’s worth noting that all the top companies affected are American, where the average cost of a data breach is significantly higher than globally at $8.2 million.
There are a few things you can do to ensure that the impact of a data breach on you personally remains as small as possible:
If you reuse the same password on several accounts, a data breach on one can result in the breaching of multiple accounts at once. Use a reliable password manager, so you have a strong and unique password for every service.
If your credentials are stolen in a breach but you have 2FA active, it’s almost impossible for the attacker to access your account without the extra code.
This alerts you when your personal information appears on a stolen data website, or in loan applications, social media posts, orders for utilities, and more. This way you can react as soon as you’re aware that some of your data has been stolen.
Initially 100%, but we narrow it down to 0.06%. Once a week we scan the whole internet to search for IP addresses that are likely running Elasticsearch — roughly 250,000 in total. This way we narrow down the whole web to the relevant 0.06%, which we scan on a regular basis to keep as updated as possible.
The Data Breaches Tracker is a fantastic way to assess global server vulnerabilities and analyze how worldwide database security can be improved. Given the huge number of susceptible databases, we hope it can function as a wake-up call to enterprises and anyone who keeps sensitive data on an insecure server. Considering that the average cost of a data breach globally is just under $4 million, it’s vital for companies to secure vulnerable databases as quickly as possible.
Elasticsearch is a database engine used to sort and search through different types of data. It has many uses, including application search, to log analytics, performance monitoring, and security analytics. Users especially love it for its speed and ability to search through vast quantities of data in milliseconds. It’s ranked as one of the most popular database engines in the world.
The Meow cyberattack is a particularly destructive kind of attack that, unlike many other attacks, doesn’t seek any kind of profit. It simply searches for unsecured databases and wipes all their contents, leaving behind its telltale “Meow” written all across the affected database. It doesn’t only affect Elasticsearch databases, but also MongoDB, Cassandra, Hadoop, and more.
Apart from Meow, mentioned above, there are numerous types of attacks that target servers, including:
Almost any database can be left unsecured and open to attack on the internet. However, some that are frequently left open to attack include MongoDB, Cassandra, Hadoop, and Jenkins.
Elasticsearch contains a number of built-in mechanisms for user authentication, so only validated users can log in and view data on the server. However, this alone isn’t enough, since users should be given relevant privileges so they can only see data that they’re qualified to see. In Elasticsearch this is known as “role-based access control mechanism” (RBAC) — in essence, every user is given a role and related privileges for heightened data security.
Of course, security goes much deeper than this, but with more advanced authentication setups, many servers would already be a lot safer.
Our Data Breaches Tracker scans the web every week, specifically seeking out unsecured Elasticsearch databases that have potential to be breached (or already have been). It then stores this data and makes it available in the form of a detailed graph with multiple variables so you can analyze the precise time period and data you want.
WizCase is an independent review site. We are reader-supported so we may receive a commission when you buy through links on our site. You do not pay extra for anything you buy on our site — our commission comes directly from the product owner.
Support WizCase to help us guarantee honest and unbiased advice. Share our site to support us!