Working with large amounts of data without taking the necessary security steps can pose a huge risk to any organization. According to the ethical hacking training experts from the International Institute of Cyber Security (IICS), unprotected databases significantly increase the chances of a company being a victim of a data breach.
For example, more than 50% of the data breach cases registered in 2018 originated from unprotected database implementations, in other words, deployments that any minimally knowledgeable user could access without even needing a password.
An organization’s databases may contain extremely sensitive information, the ethical hacking training experts noted, which is why threat actors have begun to focus their efforts on finding vulnerable or unprotected access points. Reports have recently emerged of unprotected Kibana instances exposed on the Internet, a situation that threatens the operations of multiple companies.
Kibana is an open source analytics and visualization platform designed to run with Elasticsearch; it lets data analysts quickly understand the complex flows and logs of large datasets through graphical visualizations.
According to the ethical hacking training experts, about 25k Kibana instances are active online, and most of them are exposed without adequate protections. Apparently this is because Kibana does not ship with built-in security features such as session management, although these functions can be added through services provided by third parties.
A significant portion of the nearly 25k Kibana instances run on servers with obsolete software versions that contain an arbitrary file inclusion vulnerability in the Console plugin.
To mitigate these risks, the experts recommend protecting exposed instances with third-party authentication methods, while tracking and analyzing data to prevent or detect possible leaks.
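As an added illustration of the third-party authentication the experts recommend (not configuration from the original article or from Elastic), the following nginx reverse-proxy configuration places HTTP basic authentication and TLS in front of a Kibana instance that is bound to localhost; the hostname, certificate paths and password-file path are placeholder assumptions.

```nginx
# Reverse proxy that puts HTTP basic auth and TLS in front of Kibana.
# Assumes Kibana itself listens only on the loopback address, i.e. kibana.yml contains
#   server.host: "127.0.0.1"
#   server.port: 5601
# so that port 5601 is never reachable from the network without passing this proxy.
# Hostname, certificate paths and htpasswd path are placeholders for this example.

server {
    listen 443 ssl;
    server_name kibana.example.internal;

    ssl_certificate     /etc/nginx/tls/kibana.crt;
    ssl_certificate_key /etc/nginx/tls/kibana.key;

    # Credentials file created with: htpasswd -c /etc/nginx/kibana.htpasswd analyst
    auth_basic           "Kibana";
    auth_basic_user_file /etc/nginx/kibana.htpasswd;

    # The "combined" format records the authenticated user ($remote_user),
    # so every Kibana request can later be attributed and reviewed.
    access_log /var/log/nginx/kibana-access.log combined;

    location / {
        proxy_pass         http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}

# Redirect plaintext HTTP to HTTPS so credentials are never sent unencrypted.
server {
    listen 80;
    server_name kibana.example.internal;
    return 301 https://$host$request_uri;
}
```

After reloading nginx, verify from another host that port 5601 is closed and that port 443 answers with 401 until valid credentials are supplied.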