A five-year study by cybersecurity firm Imperva has found that up to 46% of on-premises databases globally contain at least one vulnerability that could expose them to attacks.
According to Security Week, the company scanned 27,000 on-premises databases and found that there was an average of 26 flaws per database. Up to 56% of those vulnerabilities were classified as having critical or high severity, with some of them remaining unpatched for three years or more.
On a regional level, France held the highest percentage of vulnerable databases at 84%, with an average of 72 vulnerabilities per database. Australia followed with 65% of its databases vulnerable, Singapore at 64%, the UK at 61%, China at 52% and Japan at 50%. The US was found to have 37% vulnerable databases, with an average of 25 issues per database.
Imperva said, “For non-publicly accessible databases, attackers can use a range of tools such as SQL injections to exploit vulnerabilities in web applications that are connected to a database.
“When it comes to public databases, the threat is even greater as exploiting them requires even less effort. Attackers can search for vulnerable targets through tools such as Shodan and acquire exploit code through repositories like ExploitDB which hold hundreds of points of compromise (POC) codes. From there, the attacker can run the exploit from anywhere since the database has a public IP address.”
Copyright © 2021 RegTech Analyst