Security researchers often report finding unsecured databases online, waiting to be discovered and exploited. Sometimes, these databases remain unprotected for only a few hours, and on other occasions could sit open for weeks.
New research from Comparitech show that hackers are able to identify and exploit these unprotected databases much faster than businesses might think.
The firm set up a fake user database, which it intentionally exposed via an Elasticsearch instance. Only eight hours later, the database received its first unauthorised request (Comparitech broadly refers to these requests as “attacks”).
Five days later, the database was indexed on Shodan.io (an IoT search engine) and incurred two new attacks within a minute of the event, and 22 in total that day.
Over the course of the 12-day experiment, the database was attacked 175 times.
While most attacks came from the States (89), a significant portion originated in China (15). By far the most popular method, meanwhile, was the GET request, with 147 instances.
Soon after the experiment was completed, the database was hit by ransomware and all its contents deleted.
Comparitech’s researchers concluded that, when it comes to rectifying unsecured databases, time is of the essence.