Israeli Cyber Experts Uncover Massive Attack on 85,000 MySQL Servers


At least 250,000 databases have been compromised by an anonymous group of hackers who remain at large

At least 85,000 MySQL servers around the world have been breached in a massive ransomware campaign, Israeli cybersecurity experts have warned.

MySQL is an open-source database management system used by companies in a variety of sectors. The attack, called PLEASE_READ_ME, has so far resulted in at least 250,000 databases being stolen and posted for sale on the dark web.


Ophir Harpaz and Omri Marom are security researchers at the Israel-based company Guardicore Labs, which specializes in cybersecurity threats and which discovered the hacker network.

Ophir Harpaz (L) and Omri Marom, security researchers at Guardicore. (Courtesy)

Harpaz told The Media Line that she believes this is the largest ransomware campaign of its kind ever uncovered.

“This is a really vast target,” she said. “There are almost 5 million of [these MySQL servers] in the world so this is a very attractive target for hackers.

“Once they’re in the database, they steal the data, send it to their own servers and then delete it from the local machines,” Harpaz continued. “The victim has to pay a ransom for the data to be returned.”

The attack campaign began in January, researchers said, and ramped up significantly in October. Once hackers manage to steal the data, it is posted on a website and sold to the highest bidder unless the victim agrees to pay a ransom of roughly $500. Guardicore researchers have ascertained that the attackers made at least $25,000 early on in the campaign; however, they have been unable to track their ongoing earnings, as the transactions are no longer traceable.

Companies and organizations with weak passwords are particularly vulnerable to such attacks. So far, seven terabytes of data have been stolen.

“We cannot attribute the attack to a specific group because they are using an anonymous network to host their infrastructure,” Harpaz noted. “We do know that the attacks that we’ve seen so far have been coming from machines in Ireland and the UK, but attackers often use compromised machines as intermediate stations from which they can operate so these are probably not their own private laptops but rather compromised servers used as the origin of the attacks.”

Researchers are also not entirely certain what kind of information was stolen, or from exactly which organizations, she added. For now, they simply have a list of databases that were breached.

“Assuming that this hacker group targets MySQL servers then it’s a worldwide breach attack,” Harpaz said. “It’s not targeted to a specific geographical location but targets all such servers on the internet.”

As for the hackers themselves, they remain anonymous and at large. Guardicore’s researchers do not believe that they are state actors but a group of common cybercriminals.

“The fact that so many databases can be accessed from the internet is not a desired situation,” Omri Marom, who also works at Guardicore Labs as a security researcher, told The Media Line. “Databases should not be internet exposed and only be accessible from within the organization.”
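For administrators who want to check their own servers against the two conditions named above (a database reachable from outside the host, and accounts that are easy to log into), the following is an added example, not code from Guardicore or The Media Line. It reads the `[mysqld]` section of a configuration file and rows shaped like the output of `SELECT user, host, plugin, authentication_string FROM mysql.user`; the sample inputs are constructed, a single config file without include directives is assumed, and only empty passwords (the weakest case) can be detected this way.

```python
import configparser
import ipaddress

# Plugins that authenticate with a stored password hash.
PASSWORD_PLUGINS = {"mysql_native_password", "caching_sha2_password", "sha256_password"}

# Constructed sample inputs, not taken from any real server.
SAMPLE_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
HARDENED_CNF = "[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n"
# Rows shaped like: SELECT user, host, plugin, authentication_string FROM mysql.user;
SAMPLE_ROWS = [
    ("root", "localhost", "auth_socket", ""),  # socket login, no hash expected
    ("app", "%", "caching_sha2_password", "<constructed-hash>"),
    ("report", "10.0.%", "mysql_native_password", ""),
]


def listens_beyond_loopback(cnf_text):
    """True if the [mysqld] settings accept TCP connections from other hosts."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(cnf_text)
    opts = {}
    if cp.has_section("mysqld"):
        opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    if "skip-networking" in opts and opts["skip-networking"] not in ("0", "off", "false"):
        return False  # TCP listener disabled, socket only
    # With no bind-address, mysqld listens on all interfaces ("*").
    for addr in (opts.get("bind-address") or "*").split(","):
        addr = addr.strip()
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return True
        except ValueError:  # "*" or a hostname
            if addr != "localhost":
                return True
    return False


def audit(cnf_text, rows):
    """Return findings for network exposure and passwordless or any-host accounts."""
    exposed = listens_beyond_loopback(cnf_text)
    findings = ["mysqld listens on a non-loopback address"] if exposed else []
    for user, host, plugin, auth in rows:
        if plugin in PASSWORD_PLUGINS and not auth:
            findings.append(f"{user}@{host}: no password set")
        if exposed and "%" in host:
            findings.append(f"{user}@{host}: host pattern allows remote logins")
    return findings
```

A non-loopback listener is not necessarily internet-facing; a firewall or private network may still shield it, so treat the first finding as a prompt to confirm what can actually reach port 3306.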

Unfortunately, since the attack is so large in scope, there is no clear authority to turn to for help, the researchers said. For this reason, at the moment Guardicore is simply communicating with the companies that have been hit.

“We’re still on it, mostly on trying to take down whatever we can and helping organizations that have been breached,” he said.

Harpaz added that there were further difficulties that remain to be resolved.

“We’ve been contacted by companies with tens of thousands of customers that were hit,” she said, declining to provide specific names.

“Currently, we offer assistance for whoever was breached. We cannot take the leak site down because it’s on an anonymous network so it’s really hard to trace where this website is hosted.”
