A total of 7,873 public-facing exposed databases in Singapore were recorded, placing the country 6th among the countries with the highest number of Internet-facing exposed databases. This worrying stats were released by Group-IB’s Attack Surface Management team.
Databases are essential for organizations all over the world. While there are many reasons how Singapore could have experienced such a high volume of exposed databases, the reality is, employees would be the weakest link that contribute towards it.
As employees make their way back to the office to work, many are still working in a hybrid or remote working setting. To secure employees, be it on-site or remote, businesses continue to invest heavily in cybersecurity.
Over the last few years, corporate networks have become more complex and extended. This inevitably led to an increase in the number of public-facing assets that were not inventoried properly, especially when remote working kicked in due to the pandemic.
The GDPR issued penalties worth US$ 1.2 billion to companies for data violations in 2021. IBM also reported that the average cost of a data breach increased from US$ 3.86 million to US$ 4.24 million last year. In many cases, a data breach starts with a preventable security risk, such as a database exposed to the open web.
As such, in 2021 alone, the Group-IB Attack Surface Management team identified 308,000 global incidents of databases exposed to the open web. The number of public-facing databases kept growing almost every quarter from the beginning of 2021 to reach a peak in the first quarter of 2022. Most of the exposed databases discovered between the first quarter of 2021 and the first quarter of 2022 used Redis database management system.
When it comes to the management of high-risk digital assets, timely discovery plays a key role as threat actors are quick in spotting a chance to steal sensitive information or advance further in the network. According to the Attack Surface Management team’s findings, in the first quarter of 2021, it took an average of 170.2 days for an exposed database owner to fix the issue. The average time was decreasing gradually over 2021, but it climbed back to the initial value of 170 in the first quarter of 2022.
These figures can lead to not only disruptions to an organization but also a huge amount of additional costs as well as a huge loss of customer confidence in the company. Surveys from other organizations have shown consumers opting for competitors or other brands whenever a company has suffered a data breach.
Country-wise, last year, most of the databases exposed to the open web were discovered on the servers located in the US. However, Southeast Asia was not far behind, with Singapore placed sixth. China was placed second with India in fifth.
“A public-facing database doesn’t necessarily mean it has been compromised or leaked with malicious intent. In most cases, internet-facing databases are an overlooked digital asset that has been misconfigured and thus unintentionally exposed to the open web. We want to underline that unsecured Internet-facing databases could be very risky if the attackers access them before the company-owner finds it’s forgotten or poorly protected asset,” said Group-IB.
The second half of 2021 saw the number increase by 14% to 3,131 as compared to the first half’s data with 2,751 exposed databases. The number of databases exposed to the open web has been growing every quarter to reach its peak of 1,991 in the first quarter of 2022.
Group-IB’s Attack Surface Management system continuously scans the entire IPv4 and identifies external-facing assets, hosting, for example, exposed databases, malware or phishing panels, and JS-sniffers. Group-IB’s experts also warned that corporate digital assets that are not properly managed undermine security investment and increase the attack surface. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.
Tim Bobak, Attack Surface Management Product Lead at Group-IB pointed out that a lot of the security incidents can be prevented with very little effort and a good toolset.
“Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error. A public-facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface,” commented Bobak.
As such, businesses need to have sufficient cybersecurity protection. Even if they have invested heavily in their cybersecurity, they still need to ensure they monitor their employees as well as have sufficient threat hunting and intelligence gathering ecosystem. This is done by continuously discovering all external-facing IT assets, identifying potential vulnerabilities, and prioritizing issues for remediation via an all-in-one easy-to-use interface.