MongoDB Databases Hit by Multiple Groups of Ransomware Attackers

Today's topics include ransomware attacks on MongoDB database applications, the U.S. Department of Labor’s demands that Google gather more detailed employee data, Netsurion's new network threat detection and mitigation services, and AT&T’s partnership with international security provider Gemalto to strengthen AT&T’s internet of things offerings.

Attackers are exploiting misconfigured open-source MongoDB databases and holding them for ransom. The ransomware attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on Dec. 27, 2016, and have been steadily growing ever since, with at least five different groups of hackers taking control of over 10,000 database instances.

Among the most recent groups to join the MongoDB ransomware attack was one reported on Jan. 6, by security researcher Nial Merrigan. The MongoDB attackers are only identified by the email address that is used to demand payment.

The new group identified as [email protected], has already compromised at least 17 MongoDB instances and is demanding 0.25 Bitcoin from victims to get the data back.

The amounts being demanded by attackers vary from a low of 0.15 Bitcoin up to a full Bitcoin. Bitcoin has fluctuated in value so far in 2017, and as of Jan 6, is worth approximately $892 USD.

The U.S. Department of Labor has sued Google for allegedly failing to submit compensation information on its employees as required under equal opportunities hiring practices laws.

The lawsuit filed with the Labor Department’s Office of Administrative Law Judges seeks to bar Google from bidding for government contracts until it provides the requested data. The Labor Department complaint also calls on the court to issue an order canceling all of Google’s existing government contracts and subcontracts unless the company complies with its obligations.

The dispute stems from what the Department of Labor described as a routine request for employee compensation data from Google as part of a random audit of the company’s compliance with relevant employment and hiring laws.

However, in a statement, Google denied that it was resisting the government's request to turn over the data to the Department of Labor and said that its actions were based on the fact that the requested data was far too broad and intrusive.

Security firm Netsurion is launching its first new services since acquiring security information and event management vendor EventTracker in October 2016.

The new SIEM-at-the-Edge and Breach Detection Services expand Netsurion's product portfolio and bring advanced threat detection and mitigation capabilities to small businesses and branch offices. Netsurion CEO Kevin Watson explained that the new services are two stages of a similar concept.

The basic idea behind both services is to collect network information from end-points and then provide alerts on events that are potentially problematic. Events could include items such as the installation of a new executable on a system and different user behavior patterns. In total, Watson said that there are 32 different alerts that can be triggered based on detected events.

AT&T, in a race with competitors Verizon, Time Warner and others to build a go-to internet of things development franchise, has selected international security provider Gemalto to handle its remote subscription management processes.

Gemalto, the world's largest provider of enterprise digital security software and services, is now supplying AT&T with a package that will enable its customers to deploy new and highly secure internet of things applications in the U.S. and globally. The companies made the announcement Jan. 4 at CES 2017 in Las Vegas.