It can be difficult for web administrators to keep track of every file, yet the most serious server breaches are usually caused by the smallest security lapses on their sites, as well as by residual files.
CyberNews found that 82 of the top 1 million Internet domains had exposed files that were accessible to anyone and without permission.
“From neglected database history and DS_STORE files to GIT repositories, even a single exposed item can open millions, if not billions of visitors to a plethora of potential dangers, including data breaches, phishing attacks, identity theft or worse.”
Worse yet, the reach of these websites is huge, with over 17 million monthly visits according to the news source.
The list includes domains from all over the world, including the US, Russia, Japan, China, Germany, France, Korea, the Netherlands, etc.
These sites are even linked by government and educational organizations besides being affected by this ransomware epidemic.
Exposed files that have been left behind
In their study, CyberNews researchers looked at the 35,000 most visited websites on the internet for exposed DS_STORE, ENV, and MYSQL_HISTORY files as well as Git repositories, then reviewed the results and eliminated any false positives.
The following table shows the top 10 types of residual files found on the most popular sites around the world.
Malicious actors can examine these exposed documents to acquire information about the contents of folders kept on web servers, which could lead them to insecure files containing sensitive data and allow them to log on.
Sam Jadali, founder of Melbourne, a provider of cyber defense and threat detection services, told CyberNews how leftover files can be used by cybercriminals for side attacks, malware injection or ransomware attacks:
“The ubiquitous nature of these bots makes it increasingly easy to compromise servers. Web and application developers may forget to delete MySQL backups, application environment, or history files. When left in publicly accessible places, bad actors use the data to discover credentials, map server infrastructure, perform side-attack attacks, inject malware, or infect servers with ransomware. Using today’s advanced technology, hackers can scan the global IPv4 Internet range in less than 5 minutes.”
Jadali advises web server administrators to validate user input, handle exceptions, use browser security headers, use identity and access management, and perform regular penetration testing to defend against residual files.
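As an added example (not from CyberNews or the original article), the following Python script audits a local document root before deployment for the residual file types named in the study: DS_STORE, ENV and MYSQL_HISTORY files and Git repositories. The function names, reason strings, the handling of `.env.*` variants and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Residual file types named in the study; matching is by (lower-cased) file name.
RESIDUAL_FILES = {
    ".ds_store": "macOS folder metadata (reveals directory contents)",
    ".env": "application environment file (may hold credentials)",
    ".mysql_history": "MySQL client command history",
}
RESIDUAL_DIRS = {".git": "Git repository (source and commit history)"}


def find_residual_files(webroot):
    """Return sorted (relative_path, reason) pairs for residual items under webroot."""
    findings = []
    for current, dirs, files in os.walk(webroot):
        for d in list(dirs):
            if d.lower() in RESIDUAL_DIRS:
                rel = os.path.relpath(os.path.join(current, d), webroot)
                findings.append((rel.replace(os.sep, "/") + "/", RESIDUAL_DIRS[d.lower()]))
                dirs.remove(d)  # report the repository once, do not descend into it
        for f in files:
            name = f.lower()
            # Assumption: variants such as .env.production count as environment files.
            key = ".env" if name.startswith(".env.") else name
            if key in RESIDUAL_FILES:
                rel = os.path.relpath(os.path.join(current, f), webroot)
                findings.append((rel.replace(os.sep, "/"), RESIDUAL_FILES[key]))
    return sorted(findings)


def build_sample_webroot(root):
    """Create a constructed document root containing a few leftover files."""
    for rel in ["index.html", ".env", "assets/.DS_Store", "assets/logo.png",
                "backup/.mysql_history", ".git/config", ".git/HEAD",
                "api/.env.production"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        for path, reason in find_residual_files(root):
            print(f"{path}: {reason}")
```

Run against the real document root as a pre-deployment step, a non-empty result means something should be deleted or moved outside the served directory before the site goes live.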