Group-IB carried out a deep dive into exposed digital assets discovered in 2021. During the research, the attack surface management team analyzed instances hosting internet-facing databases.
The findings showed that in the second half of 2021, the number of public-facing databases increased by 16% to 165,600 with most of them stored on the servers in the US. The number of databases exposed to the open web has been growing every quarter to reach its peak of 91,200 in Q1 2022.
Corporate digital assets that are not properly managed undermine security investment and increase the attack surface, experts warn. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.
As the pandemic progressed with more people having to work from home, corporate networks kept getting more complex and extended. This inevitably led to the increase in the number of public-facing assets that were not inventoried properly. In 2021, nearly $1.2 billion worth of penalties have been issued against companies for violations of the GDPR.
According to IBM, the average cost of a data breach increased from $3.86 million to $4.24 million last year. In many cases, a data breach starts with a preventable security risk, such a database exposed to the open web.
As such, in 2021 alone, the team identified 308,000 incidents of databases exposed to the open web. The number of public-facing databases kept growing almost every quarter since the beginning of 2021 to reach a peak in Q1 2022.
Most of the exposed databases discovered between the Q1’2021 and Q1’2022 used Redis database management system.
When it comes to management of high-risk digital assets, timely discovery plays a key role as threat actors are quick in spotting a chance to steal sensitive information or advance further in the network. According to the findings, in the first quarter of 2021, it took an average of 170.2 days for an exposed database owner to fix the issue. The average time was decreasing gradually over 2021, but it climbed back to the initial value of 170 in the first quarter of 2022.
Country wise, last year, most of the databases exposed to the open web were discovered on the servers located in the US.
“Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error. A public facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface.”