How to protect your organization’s online data: 5 tips

The wrong use of SMB, FTP, and other file storage technologies exposed 2.3 billion online files globally over the past year, according to a Digital Shadows report……

Organizations rely on various storage tools and technologies to provide online access to certain data. SMB, FTP, rsync, Amazon S3, and NAS drives are all used to make necessary files available to the people who need them. But the improper use of these technologies is exposing sensitive information and leaving those files vulnerable to attackers, according to a report released Thursday by Digital Shadows.

In the report entitled “Too Much Information: The Sequel,” Digital Shadows’ Photon Research Team discovered that 2.3 billion online files were exposed over the past year, largely due to the misconfiguration or misuse of different storage technologies and protocols. That number represents a 50% jump over the 750 million exposed files the firm detected for its 2018 study a year ago. Almost 50% of the files (1.071 billion) were exposed through the Server Message Block (SMB) protocol. Some 20% were exposed through FTP, 16% through rsync, 8% through Amazon S3 buckets, and 3% through network-attached storage (NAS) drives.

The misconfiguration issues have already resulted in real-word ramifications. More than 17 million of the exposed files have been encrypted by ransomware, 2 million of which were impacted by the NamPoHyu variant, according to Digital Shadows. A small IT consulting company in the UK was discovered exposing 212,000 files with password lists in plain text, with many of those files belonging to clients.

Further research by Digital Shadows found an open FTP server that contained job applications, personal photos, passport scans, and bank statements, all of which could be harnessed to conduct identity theft. The Photon Research Team also uncovered 4.7 million exposed medical-related files, such as DICOM (DCM) medical imaging files, X-Rays, and other health-related imaging scans.
Such exposure not only puts customers and other users at risk, but places organizations in breach of GDPR regulation, which can lead to significant fines. 


Text Source :

Leave a Reply

Your email address will not be published. Required fields are marked *