What’s worse than paying an extortion bot that auto-pwned your database?

January 17, 2024 at 10:10AM

Security researchers at Border0 have identified a malicious extortion bot that targets publicly exposed PostgreSQL and MySQL databases protected only by weak passwords. The bot autonomously wipes vulnerable databases and leaves a ransom note claiming that the data has been backed up, when in reality it saves only a small portion. It has tricked victims into paying, netting over $3,000 in a week. Against MySQL servers it also attempts to bring the service to a halt with the ‘SHUTDOWN’ command. The research underlines the importance of using strong passwords and of not exposing databases to the public internet.

The report describes an ongoing campaign in which malicious bots target publicly exposed PostgreSQL and MySQL databases with weak passwords. The bots autonomously wipe the databases and then demand a ransom from the victims to regain access to their data.

Key points from the report are as follows:
1. The bot specifically targets databases with weak credentials and is able to compromise them multiple times a day.
2. It leaves a ransom note after deleting the data and falsely claims to have backed up the data, tricking some victims into paying a fee for data recovery.
3. The bot has managed to earn over $3,000 from six victims in just one week.
4. The attackers are trying to conceal their true location by using a Dutch hosting provider’s IP address and including a Russian domain in the ransom note.
5. The bot also targets MySQL databases with a similar modus operandi and aims to shut down the server using the ‘SHUTDOWN’ command.
6. The researchers discovered millions of publicly facing Postgres and MySQL servers, making them potential targets for the extortion bot.
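One way a defender can spot this modus operandi in PostgreSQL server logs, as an added example that is not part of the original report: a client host that fails password authentication repeatedly, then gets a connection authorized, then issues a destructive statement in that same session. The log excerpt is constructed, and the parser assumes `log_line_prefix = '%m [%p] %u@%d %h '` with `log_connections` and `log_statement = 'ddl'` enabled; the same sequence (authentication failures followed by a `SHUTDOWN`) would be looked for in the MySQL error log, which this example does not parse.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed PostgreSQL log excerpt (not from the report). Assumed settings:
# log_line_prefix = '%m [%p] %u@%d %h ', log_connections = on, log_statement = 'ddl'.
SAMPLE_LOG = """\
2024-01-17 10:01:02.101 UTC [4821] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-17 10:01:02.412 UTC [4822] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-17 10:01:02.730 UTC [4823] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-01-17 10:01:03.050 UTC [4824] postgres@postgres 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres
2024-01-17 10:01:04.115 UTC [4824] postgres@postgres 203.0.113.7 LOG:  statement: DROP DATABASE customers
2024-01-17 10:01:05.000 UTC [4830] app@inventory 10.0.0.12 LOG:  connection authorized: user=app database=inventory
2024-01-17 10:01:06.000 UTC [4830] app@inventory 10.0.0.12 LOG:  statement: TRUNCATE staging_orders
"""

# One log line: timestamp, pid, user@db, client host, severity, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \w+ \[(?P<pid>\d+)\] "
    r"(?P<user>\S+)@(?P<db>\S+) (?P<host>\S+) (?P<level>\w+):\s+(?P<msg>.*)$"
)
# Statements that destroy data; a legitimate admin may run these too, so they
# only alert when the session was preceded by a password-guessing burst.
DESTRUCTIVE = re.compile(r"^statement:\s*(DROP\s+(DATABASE|TABLE|SCHEMA)|TRUNCATE)\b", re.I)


def detect(log_text, fail_threshold=3, window=timedelta(minutes=5)):
    """Alert when a client host fails password auth >= fail_threshold times within
    `window`, then has a connection authorized, then runs a destructive statement
    in that session. Returns a list of alert dicts."""
    failures = defaultdict(list)   # host -> timestamps of failed authentications
    suspect = {}                   # pid -> host, for sessions opened right after a burst
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        host, pid, msg = m["host"], m["pid"], m["msg"]
        if msg.startswith("password authentication failed"):
            failures[host].append(ts)
        elif msg.startswith("connection authorized"):
            failures[host] = [t for t in failures[host] if ts - t <= window]
            if len(failures[host]) >= fail_threshold:
                suspect[pid] = host
        elif pid in suspect and DESTRUCTIVE.match(msg):
            alerts.append({"host": host, "user": m["user"], "pid": pid,
                           "failures": len(failures[host]),
                           "statement": msg.split(":", 1)[1].strip()})
    return alerts
```

The second session in the sample (the `app` user truncating a staging table from an internal address) produces no alert because no authentication burst preceded it, which is what keeps routine DDL from paging anyone.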

In conclusion, it’s crucial for individuals and organizations to strengthen the security of their databases by using strong passwords and avoiding public exposure of the database whenever possible. Additionally, caution should be exercised when using Docker features, and best practices should be followed to prevent unauthorized access to databases.
