Fujitsu’s Cyber Threat Intelligence Unit releases Mongo DB investigation report
January 2017 by Fujitsu
Fujitsu releases its investigation report on
MongoDB vulnerabilities, as prepared by its Cyber Threat Intelligence Unit (CTIU).
Following the recent MongoDB ransom attacks, the unit has been working to identify
exposed MongoDB databases. Containing real world examples, the report articulates
how these attacks can occur, and how they can be prevented.
Mongo DB – a free, open source, document-orientated database program – is not
necessarily dangerous in itself, but the threat comes from unsecured Mongo databases
requiring no authentication. Tens of thousands of the recent MongoDB ransom attacks
occurred in this way. Our Cyber Threat Intelligence unit regularly identifies and
analyses exposed databases to help companies better understand how to protect
themselves. This report serves as an introductory guide to organisation who feel
they may already be vulnerable, and a warning to those who may have become
complacent in their data security protocols.
Bryan Campbell , Senior Security Researcher at Fujitsu, added: “Attacks on insecure
databases can have devastating consequences, with the personal information of
millions of people exposed on the internet just last year. It’s a sign that, in
today’s threat landscape, organisations can no longer afford to be complacent when
it comes to security. We believe sharing our findings is the best step towards
preventing these types of attack, and that with effective vulnerability
management tools, and by
utilising threat intelligence services, we can stop the cyber criminals targeting
these databases”.