In recent past there have been some major breaches and some key reasons responsible for the breach were Shadow IT, Leaked Credentials, 3rd Party/Vendor Risks. Major breaches like American Express, Uber, Dropbox, Dunkin Donuts, British Airways & many more. This research was in line with this to continuosly monitor the web (surface,deep,dark) to understand the leaked credentials, pattern of data loss etc.
Today we deal with huge amount of data and to store, share and transfer data to other parties we have a choice to use a range of services and one of them is cloud storage, specifically Amazon Storage Service (S3) buckets. Unfortunately, many admins misconfigure these S3 buckets as a result of which the contents become publicly accessible. However, S3 buckets are not the only concern. Many other services that are used and are frequently misconfigured are File Transfer Protocol, rsync (A way of transferring and synchronizing files), Server Message Block (A network file sharing protocol) and more.
Exposed Database
- Number Of Open Database (MySql, Mongo, ES, Redis) : 500K
- Sample Size Of Data Exposed : 20 TB
- Number Of Databases In India : 5K
The sensitivity of the leaked data is a major cause for concern. In many cases highly sensitive information like personal information, intellectual property, payroll and security assessments have been exposed.
Leaked Passwords
- Number of Leaked passwords reached 6.7 Billion by end of Jan 2019
- 40%+ of Organizations could be breached just using leaked passwords
Found 5+ common password patterns for every major organisation.
Many of the exposed security assessment files contained source code testing results, vulnerability scanning reports, penetration tests, network diagrams, and security audit reports. These infrastructure reports in-turn revealed server locations, hosting IPs, missing software patches, port information, CVE numbers, vulnerability descriptions and other details that could allow an attacker to inject malicious code, perform man-in-the-middle attacks or edit the data.
Code Leaks
- Sample Enterprise Code Leaks: 12K +
- 15% of cases internal employees
- leaked credentials, keys and sensitive information such as private keys, AD passwords, mail server, passwords, even Pay slips.
- CI/CD CI/CD tools such as Jenkins, GoCD etc. leads to exposed code and remote code execution.
There is an incredible amount of data already exposed and with privacy laws, organizations need to figure out ways to protect personal data, particularly if employees or contractors are copying work files using cloud storage and Network Attached Storage solutions.
Open Cloud Resources
- +10K public Elastic Block Store (EBS) snapshots from 3,213 accounts
- +400 public Relational Database Service (RDS) snapshots from 200+
accounts. - +700K public Amazon Machine Images (AMIs) from +20K accounts.
- +16K public IPs of exposed AWS managed ElasticSearch clusters that could
have their contents stolen or data possibly deleted – this means 17% of - AWS-managed ElasticSearch servers with public IPs were misconfigured.
More than 500 Million AWS Buckets Indexed hosting Terabytes of Data.
Apart from the mis configured S3 buckets several other services that are used and are frequently misconfigured are File Transfer Protocol, rsync (A way of transferring and synchronizing files), Server Message Block (A network file sharing protocol) and Network-attached storage devices.
Exposed Network Services
- 80% of large organisations has
- Multiple exposed UAT servers
- Vulnerable WordPress/Zoomla servers
- Telnet/FTP
- Open vulnerable routers
- 30% of organizations had
- Open LDAP
- Open RDP
- Open SMB/RPC
