Group-IB, a global cybersecurity firm, conducted a deep dive into exposed digital assets discovered in 2021. Group-Attack IB’s Surface Management team examined instances hosting internet-facing databases as part of the research.
According to the findings, the number of public-facing databases increased by 16 percent to 165,600 in the second half of 2021, with the majority of them stored on servers in the United States. The number of databases exposed to the open web has been increasing by the quarter, reaching 91,200 in Q1 2022.
Group-IB Attack Surface Management continuously scans the entire IPv4 network for external-facing assets such as exposed databases, malware or phishing panels, and JS-sniffers. Corporate digital assets that are not properly managed undermine security investments and expand the attack surface, according to Group-IB experts.
“A public-facing database doesn’t necessarily mean it has been compromised or leaked with malicious intent. In most cases, internet-facing databases are an overlooked digital asset that has been misconfigured and thus unintentionally exposed to the open web. We want to underline that unsecured Internet-facing databases pose great risks if the attackers access them before the company finds its forgotten or poorly protected asset,” — Group-IB said.
In the UAE, 111 databases were exposed to the open web between Q1’21 – Q2-’22, while 372 databases were exposed in KSA. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.
As the pandemic progressed and more people were forced to work from home, corporate networks became more complex and extensive. This inevitably resulted in an increase in the number of public-facing assets that were not properly inventoried. The average cost of a data breach increased from USD 3.86 million to USD 4.24 million last year, according to IBM. In many cases, a data breach begins with a preventable security risk, such as a database that is exposed to the open web.
As such, in 2021 alone, Group-IB Attack Surface Management team identified 308,000 incidents of databases exposed to the open web.
When it comes to managing high-risk digital assets, timely discovery is critical because threat actors are quick to spot an opportunity to steal sensitive data or advance further in the network. According to the findings of the Attack Surface Management team, it took an average of 170.2 days for an exposed database owner to resolve the issue in the first quarter of 2021. The average time decreased gradually throughout 2021, but it returned to the initial value of 170 in the first quarter of 2022.
Country wise, last year, most of the databases exposed to the open web were discovered on the servers located in the US.
“A lot of the security incidents can be prevented with very little effort and a good toolset,” comments Tim Bobak, Attack Surface Management Product Lead at Group-IB. “Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error. A public facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface.”
The new product from Group-IB AssetZero is a solution for intelligence-driven attack surface management (EASM). It takes advantage of the full breadth and depth of Group-threat IB’s hunting and intelligence gathering ecosystem by continuously discovering all external-facing IT assets, identifying potential vulnerabilities, and prioritizing issues for remediation through an all-in-one, user-friendly interface.
