Global networked database risk analysis report
As the volume of data stored in cyberspace expands rapidly, the number of data leaks in networked databases, and the risk of them, have increased year by year. Publicly reported online data leakage and database extortion incidents have repeatedly reached new highs, and the database security issues behind them are frequently discussed. So, how many networked databases exist on the global Internet? What are the types and geographical distribution of these databases? What percentage of databases are at risk of large-scale data leakage?
The report first introduces the ten database types it covers: MySQL, SQL Server, Oracle, PostgreSQL, DB2, Elasticsearch, MongoDB, Memcache, Redis and CouchDB. According to their usage scenarios and classification, they can be divided into relational and non-relational databases.
The total number of networked databases worldwide is found to be 15 million, of which 14 million are relational databases, accounting for 93% of the total, and 1.09 million are non-relational databases, accounting for 7% of the total. Relational databases are used far more widely than non-relational ones. Although Oracle ranks first in the DB-Engines ranking, which is based on market research data, we detected only 157157 Oracle databases across the whole network, placing it sixth.
The report analyzes the global geographical distribution of the selected databases and their distribution across the IPv4 address space, plotted on a Hilbert curve. Geographically, the databases are concentrated mainly in China and the United States. Within the IP ranges managed by some organizations, such as RIPE NCC, ARIN and LACNIC, database IPs are evenly distributed. In others, such as US-DoD, there are no database IPs.
Among the major databases, MySQL accounts for more than 10 million instances. In the global distribution of all databases, the United States and China are the top two. MySQL, PostgreSQL, Redis, DB2 and CouchDB are most used in the United States, while SQL Server, Oracle, MongoDB, Elasticsearch and Memcache are most used in China. Poland ranks third in the total number of databases and second in the use of PostgreSQL. Comparing the detected database versions with the release date and end-of-maintenance date of each version shows that a large number of databases across the network are no longer officially supported. For example, although official support for the MySQL 5.1 series ended in December 2013, 600000 instances of 5.1.73 and 160000 of 5.1.26 are still in use.
The report analyzes database leakage and offers suggestions for hardening databases. The analysis finds that data leakage remains a major hidden danger for database security: more than 80000 databases on the network still have unauthorized access vulnerabilities. Elasticsearch leaks 3402 TB, MongoDB leaks 611 TB, Redis leaks 10 TB and Memcache leaks 5.3 TB. About 30% of Memcache databases on the Internet allow unauthorized access, as do about 20% of all Elasticsearch databases.
Classifying the leaked databases by IP address shows that China ranks first in the world in the number of database leaks, with nearly 40000 databases having unauthorized access vulnerabilities. China also ranks first in the world for such vulnerabilities in Elasticsearch, MongoDB and Redis, with 11952 Elasticsearch databases, 11974 MongoDB databases and 7127 Redis databases respectively. South Africa ranks first among Memcache databases with unauthorized access, with 4890.
We compiled statistics on the BTC addresses that appear in database extortion incidents and found that “1fyqd4ytppcnhymiffigg53s51dob6xx1” appeared as many as 3472 times. This shows that large-scale, batch extortion attacks against databases still exist.
Global distribution statistics
As of 2020, we found 15090146 networked databases worldwide, including 13999460 relational databases and 1090686 non-relational databases, as shown in Figure 3-1. Relational databases account for 92.7% of the total and non-relational databases for 7.3%. The number of relational databases is much larger than that of non-relational databases.
Globally, the databases are concentrated in North America, Asia and Europe. The United States ranks first with about 5.18 million, followed by China with 2.89 million, and then by Poland with 956271, Germany with 633728, France with 452794 and the Netherlands with 371692, all of which are European countries. Within the top 10, Poland unexpectedly ranked third, surpassing the traditionally strong Germany and France.
Figure 3-3 shows the top 10 countries by number of databases.
The distribution of the various database types exposed on the public network, as measured through the Quake platform, is shown in Figure 3-4. We found 10669797 instances running MySQL services, 1515560 running PostgreSQL and 1282744 running SQL Server. The probe data differs from the DB-Engines ranking in that MySQL is far more exposed on the Internet than any other database. Oracle, which ranks first in DB-Engines, has 157157 exposed databases and ranks sixth.
Data risk statistics
We compared the databases with unauthorized access vulnerabilities in the mapping data with the total number of databases. In Redis, the affected instances accounted for 2.15% of the total, with 14704. The proportion of affected instances in Elasticsearch, MongoDB and Memcache is 20.26%, 12.28% and 31.80% respectively.
After determining the number of leaking entities, we analyzed them using the following fields: used_memory in Redis, bytes in Memcache, dataSize in MongoDB and the size field in Elasticsearch. We probed further using these fields and summed the values for each entity to obtain the total amount of data that each database type may be leaking, as shown in Figure 3-21. Elasticsearch leaks 3402 TB, MongoDB leaks 611 TB, Redis leaks 10 TB and Memcache leaks 5.3 TB. The amount of data leaked by Elasticsearch and MongoDB is much larger than that of Redis and Memcache, which is related to Elasticsearch's common use in big data search.
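The summation described above, applied to status replies collected from an inventory of one's own instances, as an added example that is not part of the original report. The sample replies are constructed, and the shape of the Elasticsearch record (a per-index size string in Elasticsearch's 1024-based units) is an assumption.

```python
import json
import re
from collections import defaultdict

# Constructed sample replies, one per instance (not real scan data).
SAMPLES = [
    ("redis", "# Memory\r\nused_memory:1048576\r\nused_memory_human:1.00M\r\n"),
    ("memcache", "STAT curr_items 10\r\nSTAT bytes 524288\r\nSTAT bytes_read 99\r\nEND\r\n"),
    ("mongodb", '{"db": "app", "dataSize": 2097152.0, "ok": 1}'),
    ("elasticsearch", '[{"index": "logs", "size": "3mb"}, {"index": "users", "size": "512kb"}]'),
    ("redis", "-NOAUTH Authentication required.\r\n"),  # protected: must not be counted
]

UNITS = {"b": 1, "kb": 1024, "mb": 1024**2, "gb": 1024**3, "tb": 1024**4, "pb": 1024**5}

def es_size_to_bytes(text):
    """Convert a size string such as '3mb' to bytes (1024-based units)."""
    m = re.fullmatch(r"([\d.]+)\s*([kmgtp]?b)", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])

def extract_bytes(kind, raw):
    """Return the stored-data size in bytes, or None if the size field is absent."""
    if kind == "redis":       # INFO reply: 'used_memory:<bytes>'
        m = re.search(r"^used_memory:(\d+)\s*$", raw, re.M)
        return int(m.group(1)) if m else None
    if kind == "memcache":    # stats reply: 'STAT bytes <bytes>'
        m = re.search(r"^STAT bytes (\d+)\s*$", raw, re.M)
        return int(m.group(1)) if m else None
    if kind == "mongodb":     # dbStats document: 'dataSize'
        value = json.loads(raw).get("dataSize")
        return int(value) if value is not None else None
    if kind == "elasticsearch":  # assumed list of per-index records
        return sum(es_size_to_bytes(i["size"]) for i in json.loads(raw))
    raise ValueError(f"unknown database type: {kind}")

def aggregate(samples):
    """Sum readable data volume per database type, skipping protected instances."""
    totals = defaultdict(lambda: {"instances": 0, "bytes": 0})
    for kind, raw in samples:
        size = extract_bytes(kind, raw)
        if size is None:      # no size field: auth required or unexpected reply
            continue
        totals[kind]["instances"] += 1
        totals[kind]["bytes"] += size
    return dict(totals)

if __name__ == "__main__":
    for kind, t in sorted(aggregate(SAMPLES).items()):
        print(f"{kind}: {t['instances']} instance(s), {t['bytes'] / 1024**2:.2f} MiB readable")
```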
The global distribution of database leaks can be obtained by attributing the IP addresses of the databases with leaked data to countries, as shown in Figure 3-22. As Table 3-11 (top 10 database leakage countries) shows, China ranks first with 35095 IPs that may have data leakage, and the United States ranks second with 17830 IPs. Table 3-12 shows the countries with the largest number of leaks in Elasticsearch, Memcache, MongoDB and Redis. Apart from Memcache, China has the largest number of possible leaks in the other three databases.