Shocking Results From Hidden Internet – Exposed Databases, Leaked Passwords, Code Leaks & More
In the recent past there have been some major breaches, and some of the key reasons responsible for them were shadow IT, leaked credentials and third-party/vendor risks. Major breaches include American Express, Uber, Dropbox, Dunkin Donuts, British Airways and many more. This research follows from that: it continuously monitors the web (surface, deep, dark) to understand leaked credentials, patterns of data loss, etc.
Today we deal with huge amounts of data, and to store, share and transfer it to other parties we can choose from a range of services. One of them is cloud storage, specifically Amazon Storage Service (S3) buckets. Unfortunately, many admins misconfigure these S3 buckets, and as a result their contents become publicly accessible. However, S3 buckets are not the only concern. Other services that are frequently misconfigured include File Transfer Protocol, rsync (a way of transferring and synchronizing files), Server Message Block (a network file sharing protocol) and more.
Number of open databases (MySQL, Mongo, ES, Redis): 500K
Sample size of data exposed: 20 TB
Number of databases in India: 5K
The sensitivity of the leaked data is a major cause for concern. In many cases highly sensitive information such as personal information, intellectual property, payroll and security assessments has been exposed.
Number of leaked passwords reached 6.7 billion by the end of Jan 2019.
40%+ of organizations could be breached just using leaked passwords.
Found 5+ common password patterns for every major organisation.
Many of the exposed security assessment files contained source code testing results, vulnerability scanning reports, penetration tests, network diagrams, and security audit reports. These infrastructure reports in turn revealed server locations, hosting IPs, missing software patches, port information, CVE numbers, vulnerability descriptions and other details that could allow an attacker to inject malicious code, perform man-in-the-middle attacks or edit the data.
Leaked credentials, keys and sensitive information such as private keys, AD passwords, mail server passwords, even pay slips.
CI/CD: CI/CD tools such as Jenkins, GoCD etc. lead to exposed code and remote code execution.
There is an incredible amount of data already exposed and with privacy laws, organizations need to figure out ways to protect personal data, particularly if employees or contractors are copying work files using cloud storage and Network Attached Storage solutions.
Open Cloud Resources
+10K public Elastic Block Store (EBS) snapshots from 3,213 accounts
+400 public Relational Database Service (RDS) snapshots from 200+ accounts.
+700K public Amazon Machine Images (AMIs) from +20K accounts.
+16K public IPs of exposed AWS managed ElasticSearch clusters that could have their contents stolen or data possibly deleted – this means 17% of AWS-managed ElasticSearch servers with public IPs were misconfigured.
More than 500 Million AWS Buckets Indexed hosting Terabytes of Data.
Apart from misconfigured S3 buckets, several other services are frequently misconfigured: File Transfer Protocol, rsync (a way of transferring and synchronizing files), Server Message Block (a network file sharing protocol) and Network-attached storage devices.
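A defender-side check for the exposure types counted above (public S3 buckets, EBS and RDS snapshots, AMIs), as an added example that is not part of the original research: it inspects permission documents from your own account and reports what is open to everyone. It assumes the inputs are shaped like the responses of S3 GetBucketAcl, a bucket policy document, the EC2 snapshot/image permission lists and RDS DescribeDBSnapshotAttributes; all sample values are constructed, and as a simplification any policy statement with a Condition is treated as not public and account-level Block Public Access settings are ignored.

```python
import json

_GROUPS = "http://acs.amazonaws.com/groups/global/"
# Predefined S3 ACL groups that mean "anyone" / "any AWS account".
PUBLIC_ACL_GROUPS = {_GROUPS + "AllUsers", _GROUPS + "AuthenticatedUsers"}

# Constructed sample inputs, shaped like AWS API responses (not real resources).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": _GROUPS + "AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]})

def acl_public_grants(acl):
    """Permissions an S3 ACL grants to a public group."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_ACL_GROUPS)

def policy_public_actions(policy_json):
    """Actions a bucket policy allows to any principal with no Condition."""
    stmts = json.loads(policy_json).get("Statement", [])
    actions = []
    for st in [stmts] if isinstance(stmts, dict) else stmts:
        who = st.get("Principal")
        who = who.get("AWS") if isinstance(who, dict) else who
        anyone = who == "*" or (isinstance(who, list) and "*" in who)
        if st.get("Effect") == "Allow" and anyone and not st.get("Condition"):
            act = st.get("Action", [])
            actions += [act] if isinstance(act, str) else list(act)
    return sorted(actions)

def shared_with_all(permissions):
    """EBS CreateVolumePermissions or AMI LaunchPermissions contain Group=all."""
    return any(p.get("Group") == "all" for p in permissions)

def rds_snapshot_public(attributes):
    """RDS DBSnapshotAttributes: the 'restore' attribute lists 'all'."""
    return any(a.get("AttributeName") == "restore"
               and "all" in a.get("AttributeValues", []) for a in attributes)

if __name__ == "__main__":
    print("public ACL grants:", acl_public_grants(SAMPLE_ACL))
    print("public policy actions:", policy_public_actions(SAMPLE_POLICY))
```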