Over 2.3 billion files exposed online
Source: Vistar Communications for ESET Middle East , Author: Tomas Foltyn
Posted: Wed June 12, 2019 11:29 am

UAE. More than 2.3 billion files have been found inadvertently exposed online over the past year, reads a report from threat intelligence outfit Digital Shadows.

The firm’s new ‘Too Much Information: The Sequel’ report follows up on the study’s previous iteration, which found 1.5 billion files exposed between April 2017 and March 2018. The latest figure represents a 50-percent jump from the previous report.

Beyond this, real estate insurance giant First American was found, just days ago, to expose a staggering 885 million files. But let’s go back to Digital Shadows’ report.

How?

As one might have expected, all that data found by Digital Shadows was sitting out in the open and for anybody to find because of misconfigured or non-secured file storage and sharing technologies.

Around 46 percent of the files were exposed through Server Message Block (SMB) file shares, with their number (1.07 billion) actually doubling on an annual basis. File Transfer Protocol (FTP) and rsync servers follow on 20 percent and 16 percent, respectively.

Amazon S3 buckets, which account for 8 percent of the total exposure, are in an interesting situation. On the one hand, hardly a month goes by without a widely publicized news report of a leaky Amazon S3 bucket, and Digital Shadows does say that the number of files exposed via this cloud service increased year-on-year.

But this is also where the report is not all bad news, as it notes that the number of exposed files tumbled from millions to thousands after Amazon Web Services (AWS) rolled out the ‘Block Public Access’ feature in November 2018.

What?

Of course, it’s not all about numbers, so what kind of files end up accidentally exposed? It varies, or, as the company puts it bluntly, “not all of them are blatantly sensitive, but there is plenty of gold in these mountains”.

Indeed, the analysis detected many files containing highly sensitive information. This includes enough data – such as that appearing in passports scans and bank statements – that is offered on a silver platter for identity theft. Almost 5 million medical-related files, mostly imaging files such as x-rays and other medical scans, were also found exposed.

Data leaks from misconfigured public-facing file repositories may result in data theft and fraud, as well as penalties under the European Union’s General Data Protection Regulation (GDPR).

In addition, the data may also fall victim to a malware attack. Indeed, more than 17 million of the files that Digital Shadows found were encrypted by ransomware.

Photo Caption: Tomas Foltyn, security writer at ESET

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: June 25, 2019
UAE. There were a number of iconic deals completed in Q1 FY19 which include: Network International IPO, acquisition of Careem by Uber, Saudi Aramco bond listing and investment into ADNOC pipeline and refinery assets by international investors.
date:Posted: June 24, 2019
UAE. The latest edition of PwC's Middle East Economy Watch looks at the recent oil price rebound and its mixed impact on regional economies.
date:Posted: June 20, 2019
UAE. Eighty-seven percent of businesses plan to expand warehouse footprint over the next five years, finds Zebra's 2024 Warehousing Vision Study.