Data Security

Thousands of Kibana implementations using Elasticsearch are exposed online

Working with large amounts of data without taking the necessary security steps can pose a huge risk to any organization. According to the ethical hacking training experts from the International Institute of Cyber Security (IICS), unprotected databases significantly increase the chances of a company being a victim of a data breach.

For example, more than 50% of data breach cases registered in 2018 originated from unprotected database implementations; in other words, implementations that any minimally knowledgeable user could access, even without needing a password.

An organization’s databases may contain extremely sensitive information, ethical hacking training experts mentioned; that is why threat actors have begun to focus their efforts on finding vulnerable or unprotected access points. Reports have recently emerged on some unprotected instances of Kibana exposed on the Internet, a situation that threatens the operations of multiple companies.

Kibana is an open source analytics and visualization platform designed to run with Elasticsearch; it lets data analysts quickly understand the complex flows and logs of large data sets through graphical representations.

According to the ethical hacking training experts, there are about 25k Kibana instances active online; of these, most are exposed without adequate protections. Apparently, this is because Kibana does not have built-in security options, such as session management, although these functions can be integrated through services provided by third parties.

A significant portion of the nearly 25k Kibana instances run on servers with obsolete software versions that contain an arbitrary file inclusion vulnerability in the console plugin.

Presumably, the vulnerability allows hackers to remotely execute malicious JavaScript code, which could allow them to execute arbitrary commands on the host system. Because a large number of servers do not have authentication methods, this could be the first step toward a massive data breach, one of the most critical situations a company could face.

To mitigate risks, experts recommend protecting exposed instances with third-party authentication methods while tracking and analyzing data to prevent or detect possible leaks.
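One way to put an authentication layer in front of Kibana, as recommended above, is an authenticating reverse proxy. The following nginx configuration is an added example, not taken from the article or the experts it cites; the hostname `kibana.example.internal`, the certificate paths and the password file path are assumptions, and Kibana is assumed to run on the same host on its default port 5601.

```nginx
# Added example (not from the article). Assumed names: kibana.example.internal,
# the certificate paths and /etc/nginx/kibana.htpasswd.
#
# Step 1, in kibana.yml: keep Kibana off public interfaces.
#   server.host: "127.0.0.1"    # exposed setups typically bind "0.0.0.0"
#   server.port: 5601
#
# Step 2: nginx becomes the only listener reachable from the network.

server {
    listen 80;
    server_name kibana.example.internal;
    # Never accept credentials over clear text; redirect to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name kibana.example.internal;

    ssl_certificate     /etc/nginx/tls/kibana.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/kibana.key;   # placeholder path

    # Applies to every path, so the UI and the HTTP API both require a login.
    auth_basic           "Kibana";
    auth_basic_user_file /etc/nginx/kibana.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Do not forward the proxy-level credentials to Kibana.
        proxy_set_header Authorization "";
    }
}
```

After reloading both services, an unauthenticated request to the proxy should return 401, and port 5601 should no longer answer from any other host.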
