Reply to post: Something to note.

MongoDB ransom attacks soar, body count hits 27,000 in hours

Anonymous Coward

Something to note.

By default an AWS instance drops all incoming traffic apart from an established initiated outbound connection (e.g. Do I need updating? Okay accept those incoming files then).

So in all these case "someone" opened the mongoDB port to accept all connections from any computer rather limiting connections to the application or computers associated with it. Even with the security issues with MongoDB's unpatched db, the only way this has happened is that someone turned off at least part of the default firewall (security group as AWS calls it).

The scandal is not that this is happening, it's the inevitable consequence when some idiot does something stupid.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021