More than 13,000 Misconfigured iSCSI Storage Clusters Accessible via the Public Internet

More than 13,000 Internet Small Computer Systems Interface (iSCSI) clusters were found to be unsecured and accessible over the public internet due to their owners’ failing to password-protect them.

More than 13,000 Internet Small Computer Systems Interface (iSCSI) clusters were found to be unsecured and accessible over the public internet due to their owners’ failing to password-protect them. A reverse engineer and penetration tester named A Shadow discovered the exposed cyberassets on Shodan, an online search engine that lists assets or internet-connected devices.

[READ: Cities Exposed in Shodan]

iSCSI — a protocol which allows the linking of machines to data storage devices and network-attached storage (NAS) devices, permits virtual machines (VM) to boot from it as if it’s a local device, among other functionalities — can be potentially abused by cybercriminals who can infiltrate systems to swipe sensitive company information, implant malware, and deploy other malicious activities.

[READ: Security by Design: A Checklist for Safeguarding Virtual Machines and Containers]

ZDNet, which was contacted by A Shadow, also shed light on the iSCSI exposure through its own Shodan search. Among the thousands of publicly available clusters are iSCSI-available storage systems from a government agency in Russia, as well as several universities and research institutes, ZDNet found.

ZDNet also discovered several IP addresses pointing to one of the iSCSI clusters that hosted authenticated web panels for NAS devices. ZDNet states that it’s possible that though the web panels for the NAS devices were password-protected, the iSCSI port may not have been.

A Shadow, who also performed his own investigation of the exposure, found that a substantial number of the iSCSI clusters were owned by private companies, which may be easily targeted for huge ransom payouts by cybercriminals. 

Keeping Storage Clusters Secure

Though these thousands of iSCSI storage clusters are exposed, it doesn’t necessarily mean that they are already compromised. However, it should be noted that cybercriminals are always looking to exploit these assets — and enterprises may fall prey to data theft and fraud as well as malware attacks. As enterprises turn to NAS devices to handle their data and have their data storage easily accessible for users, ensuring that devices, as well as the ports for protocols that allow NAS devices to link to workstations such as the iSCSI, are kept secure is imperative. Incorporating security not only helps thwart threats but also reduces business risks to organizations.

To keep storage clusters secure, enterprises should set up authentication measures from the get-go. This will prevent unauthorized users from accessing storage clusters and stealing or corrupting sensitive company data.

Businesses can also consider Trend Micro Deep Security as a Service, which is a dedicated protection system optimized for Amazon Web Services (AWS), Microsoft Azure, and VMware. It can help an organization’s IT department by securing servers without the need for any installations. It allows businesses to implement new upgrades without any downtime and can instantly connect to the cloud and data center resources for proactive security measures. Meanwhile, the Hybrid Cloud Security solution offers optimal security for hybrid environments that incorporate physical, virtual, and cloud workloads. 

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Veröffentlicht in Cybercrime & Digital Threats