Below the surface: Group-IB identified 2,811 exposed public-facing databases in Vietnam

Vietnam, 27.04.2022— Group-IB, one of the global cybersecurity leaders, carried out a deep dive into exposed digital assets discovered in 2021. During the research, Group-IB’s Attack Surface Management team analyzed instances hosting unsecured internet-facing databases.

The findings showed that from the first quarter of 2021 up to the first quarter of 2022, Group-IB has recorded a total of 2,811 exposed databases in Vietnam. “A public-facing database doesn’t necessarily mean it has been compromised or leaked with malicious intent. In most cases, internet-facing databases are an overlooked digital asset that has been misconfigured and thus unintentionally exposed to the open web. We want to underline that unsecured Internet-facing databases could be very risky if the attackers access them before the company-owner finds it's forgotten or poorly protected asset,” — Group-IB said.

In the second half of 2021, the number of public-facing databases increased by 11% to 1096 as compared to the first half’s data with 984 exposed databases. The number of databases exposed to the open web has been growing every quarter to reach its peak of 731 in Q1’2022. Group-IB Attack Surface Management system continuously scans the entire IPv4 and identifies external-facing assets, hosting, for example, exposed databases, malware or phishing panels, and JS-sniffers. Corporate digital assets that are not properly managed undermine security investment and increase the attack surface, Group-IB experts warn. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.

As the pandemic progressed with more people having to work from home, corporate networks kept getting more complex and extended. This inevitably led to an increase in the number of public-facing assets that were not inventoried properly. In 2021, nearly USD 1.2 billion worth of penalties have been issued against companies for violations of the GDPR. According to IBM, the average cost of a data breach increased from USD 3.86 million to USD 4.24 million last year. In many cases, a data breach starts with a preventable security risk, such a database exposed to the open web.

As such, in 2021 alone, Group-IB Attack Surface Management team identified 308,000 global incidents of databases exposed to the open web. The number of public-facing databases kept growing almost every quarter since the beginning of 2021 to reach a peak in Q1 2022.

Most of the exposed databases discovered between the Q1'2021 and Q1’2022 used Redis database management system.

When it comes to management of high-risk digital assets, timely discovery plays a key role as threat actors are quick in spotting a chance to steal sensitive information or advance further in the network. According to the Attack Surface Management team’s findings, in the first quarter of 2021, it took an average of 170.2 days for an exposed database owner to fix the issue. The average time was decreasing gradually over 2021, but it climbed back to the initial value of 170 in the first quarter of 2022.

Country-wise, last year, most of the databases exposed to the open web were discovered on the servers located in the US.

“A lot of the security incidents can be prevented with very little effort and a good toolset,” comments Tim Bobak, Attack Surface Management Product Lead at Group-IB. “Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error. A public facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface.”

Group-IB’s new product AssetZerois an intelligence-driven attack surface management (EASM) solution. It leverages the full breadth and depth of Group-IB’s threat hunting and intelligence gathering ecosystem by continuously discovering all external-facing IT assets, identifying potential vulnerabilities and prioritizing issues for remediation via an all-in-one easy to use interface.

About Group-IB

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attributionsystem has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework(earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core. Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB.

Group-IB is an active collaborator in global investigations led by international law enforcement organizations, such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security created in order to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB's experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB's mission is to protect its clients in cyberspace daily, creating and leveraging innovative solutions & services.

For more information, please contact:

Dean Bernales

PR Manager

dean@pinpointpr.sg

Pinpoint PR