Cybersecurity company identifies more than 91,000 databases exposed on the internet in 2022

A Cybersecurity company named Group-IB have discovered a rapid growth in the number of databases exposed on the internet. In 2021, over 308,000 databases were exposed with over 165,000 discovered in the second half of the year. The amount of databases exposed has already peaked to 91,200 in the first quarter of 2022, the company stated in a research report.
Most of the exposed databases found are on servers based in the U.S and China while few are based in Germany, France and India. However Redis, MongoDB and Elastic were the top exposed databases. Redis had the most number of databases which was calculated to be 37.5%, followed by MongoDB, 31% and Elastic which comes lower to be 29%. Database exposure could be mainly as a result of misconfiguration. Hackers are able to access them using search engines indexing systems reachable from the web with intentions to steal the content or for financial extortion.
Group-IB used it’s Attack Surface Management solution to scan the entire IPv4 space for open ports relevant for accessing a database and to check if the indexes are available. They further stated “When it comes to management of digital assets , timely discovery plays a key role because hackers are quick in spotting a chance to steal sensitive information or advance further in a network.”
Last year IBM found out that the average cost if a data breach is more than $4.2 million dollars. Improperly Inventoried internet-facing assets such as databases could be exploited leading to costly data breaches. Gideon Geoffrey told cybertechwiz, “The more companies introduce complex security measures in Database management, there would likely be a chance of a misconfiguration and this can lead to exposure of data. Making sure data is configured correctly can take time but reduces cost of security and would also save time later in the future. Other steps like encryption and monitoring of databases often should also be taken to protect data”.