Israeli Cyber Experts Uncover Massive Attack on 85,000 MySQL Servers

At least 250,000 databases have been compromised by an anonymous group of hackers who remain at large

At least 85,000 MySQL servers around the world have been breached in a massive ransomware campaign, Israeli cybersecurity experts have warned.

MySQL is an open-source database management system used by companies in a variety of sectors. The attack, called PLEASE_READ_ME, has so far resulted in at least 250,000 databases being stolen and posted for sale on the dark web.

Ophir Harpaz and Omri Marom are security researchers at the Israel-based company Guardicore Labs, which specializes in cybersecurity threats and which discovered the hacker network.

Ophir Harpaz (L) and Omri Marom, security researchers at Guardicore. (Courtesy)

Harpaz told The Media Line that she believes this is the largest ransomware campaign of its kind ever uncovered.

“This is a really vast target,” she said. “There are almost 5 million of [these MySQL servers] in the world so this is a very attractive target for hackers.

“Once they’re in the database, they steal the data, send it to their own servers and then delete it from the local machines,” Harpaz continued. “The victim has to pay a ransom for the data to be returned.”

The attack campaign began in January, researchers said, and ramped up significantly in October. Once hackers manage to steal the data, it is posted on a website and sold to the highest bidder unless the victim agrees to pay a ransom of roughly $500. Guardicore researchers have ascertained that the attackers made at least $25,000 early on in the campaign; however, they have been unable to track their ongoing earnings, as the transactions are no longer traceable.

Companies and organizations with weak passwords are particularly vulnerable to such attacks. So far, seven terabytes of data have been stolen.

“We cannot attribute the attack to a specific group because they are using an anonymous network to host their infrastructure,” Harpaz noted. “We do know that the attacks that we’ve seen so far have been coming from machines in Ireland and the UK, but attackers often use compromised machines as intermediate stations from which they can operate so these are probably not their own private laptops but rather compromised servers used as the origin of the attacks.”

Researchers are also not entirely certain what kind of information was stolen, or from exactly which organizations, she added. For now, they simply have a list of databases that were breached.

“Assuming that this hacker group targets MySQL servers then it’s a worldwide breach attack,” Harpaz said. “It’s not targeted to a specific geographical location but targets all such servers on the internet.”

As for the hackers themselves, they remain anonymous and at large. Guardicore’s researchers do not believe that they are state actors, but rather a group of common cybercriminals.

“The fact that so many databases can be accessed from the internet is not a desired situation,” Omri Marom, who also works at Guardicore Labs as a security researcher, told The Media Line. “Databases should not be internet exposed and only be accessible from within the organization.”

Unfortunately, since the attack is so large in scope, there is no clear authority to turn to for help, the researchers said. For this reason, at the moment Guardicore is simply communicating with the companies that have been hit.

“We’re still on it, mostly on trying to take down whatever we can and helping organizations that have been breached,” he said.

Harpaz added that there were further difficulties that remain to be resolved.

“We’ve been contacted by companies with tens of thousands of customers that were hit,” she said, declining to provide specific names.

“Currently, we offer assistance for whoever was breached. We cannot take the leak site down because it’s on an anonymous network so it’s really hard to trace where this website is hosted.”
