Data Breach: Elasticsearch Server

What is a data breach? 
A data breach is any compromise of an information asset’s confidentiality, integrity or availability.

What is an Elasticsearch server data breach?
Bob Diachenko, a security researcher, discovered that 250 million Microsoft records were exposed from an Elasticsearch server database. The data included email addresses, IP addresses and support case details spanning 14 years.

What went wrong with the Elasticsearch server data breach?
The breach was caused by a security misconfiguration in the Elasticsearch database: its permissions were set to “public”.

How can data breaches affect businesses?
According to research by Risk Based Security in 2019, more than 4.1 million records were exposed in 3183 reported breaches in the first half of 2019. Data breaches damage the brand image of a business and may also damage customer trust. The value of the company also goes down. The 2013 Yahoo data breach is the best example of this: over 3 billion user accounts were compromised, exposing sensitive customer information, which decreased its acquisition price from $4.83 billion to $4.48 billion.

Why do data breaches occur?
Cybercrime is a profitable industry for attackers and is growing rapidly. Data breaches can occur for various reasons. Targeted attacks typically involve:

  • Exploiting system vulnerabilities: Obsolete software can create gaps that allow an attacker to sneak malware onto a computer and steal data.
  • Weak passwords: Weak and insecure user passwords are easier for hackers to guess, so use unique, complex passwords.
  • Drive-by downloads: A virus or malware could be downloaded unintentionally by simply visiting a compromised web page. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
  • Targeted malware attacks: An email can be made to look like it came from a trusted source, even when it did not. Attackers therefore use spam and phishing email tactics to trick users into revealing their credentials, downloading malware attachments, or visiting vulnerable websites. Email is a common way for malware to end up on your computer. Avoid opening any links or attachments in an email from an unfamiliar source; doing so can infect your computer with malware.

How can companies avoid security misconfigurations?
Unfortunately, security misconfigurations have become a common issue across industries. They can be avoided through the security assessments and audits listed below:

  • Security Audits
  • Vulnerability Assessment and Penetration Testing
  • Compliance scan
  • Secure source code review
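
One check a security audit or compliance scan could run for the kind of misconfiguration described above, as an added example that is not part of the original post: it flags an elasticsearch.yml whose HTTP API binds to a non-loopback address without security or TLS enabled. The function names are hypothetical, the sample configs are constructed, and an unset `xpack.security.enabled` is reported because its default depends on the Elasticsearch version.

```python
# Added example: audit a flat elasticsearch.yml for unauthenticated exposure.
# Setting names are real Elasticsearch settings; the sample configs are constructed.
LOOPBACK = {"_local_", "localhost", "127.0.0.1", "::1"}

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' style commonly used in elasticsearch.yml."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def bind_hosts(settings):
    """Addresses the HTTP layer binds to; http.host takes precedence over network.host."""
    raw = settings.get("http.host") or settings.get("network.host") or "_local_"
    return [h.strip().strip("\"'") for h in raw.strip("[]").split(",") if h.strip()]

def audit(text):
    """Return a list of findings; an empty list means these checks found nothing."""
    s = parse_flat_yaml(text)
    findings = []
    exposed = [h for h in bind_hosts(s) if h not in LOOPBACK]
    security = s.get("xpack.security.enabled", "").lower()
    if exposed and security != "true":
        # Assumption: an unset value is reported, since the default varies by version.
        state = "disabled" if security == "false" else "not set explicitly"
        findings.append(
            f"HTTP API binds to {', '.join(exposed)} and xpack.security.enabled is {state}")
    if exposed and s.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings.append("HTTP API is reachable off-host without TLS "
                        "(xpack.security.http.ssl.enabled is not true)")
    return findings

WEAK = """network.host: 0.0.0.0   # constructed sample
xpack.security.enabled: false
"""
HARDENED = """network.host: _site_   # constructed sample
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```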

       http://security.ingrammicro.com