While it can be difficult for web administrators to keep tabs on every file, the most serious server breaches are often the result of the least visible security lapses on their websites, and leftover files are one example.
By analyzing the top 35,000 websites in the Alexa top 1m list, CyberNews discovered that 82 of the most popular websites had leftover files that were exposed to anyone and could be accessed without permission.
CyberNews researcher Martynas Vareikis provided further information on the dangers posed by leftover files in a new report, stating:
“From neglected database history and DS_STORE files to GIT repositories, even a single exposed item can open millions, if not billions of visitors to a plethora of potential dangers, including data breaches, phishing attacks, identity theft or worse.”
To make matters worse, the reach of the affected sites is massive: the outlet estimates that these sites receive around 17 million total visits per month. The list is also made up of sites from all over the world, including domains from the USA, Russia, Japan, China, Germany, France, Korea, the Netherlands and more. These sites are even linked by government and educational organizations.
Leftover files exposed
To conduct their investigation, CyberNews researchers scanned the 35,000 most visited websites on the internet for exposed DS_STORE, ENV, and MYSQL_HISTORY files as well as Git repositories, then analyzed the output and removed any false positives.
When it comes to the leftover file types found on the world’s most visited sites, Desktop Services Store (DS_STORE) files top the list with over 81 instances exposed in total, followed by exposed Git directories with 24 instances and MYSQL_HISTORY and ENV files, with four exposed instances of each file type discovered during the investigation.
By scanning these exposed files, malicious actors can collect information about the contents of folders stored on web servers, which can lead them to unprotected files containing sensitive data and allow them access to credentials.
Sam Jadali, founder of cyber defense and threat detection service provider Melurna, explained to CyberNews how leftover files can be used by cybercriminals to perform side attacks, inject malware, or launch ransomware attacks, saying:
“The ubiquitous nature of these bots makes it increasingly easy to compromise servers. Web and application developers may forget to delete MySQL backups, application environment, or history files. When left in publicly accessible places, bad actors use the data to discover credentials, map server infrastructure, perform side attacks, inject malware, or infect servers with ransomware. Using today’s advanced technology, hackers can scan the global IPv4 Internet range in less than 5 minutes.”
To mitigate the security threats of leftover files, Jadali recommends that web server administrators validate user input, handle exceptions, use browser security headers, implement identity and access management, run automated security products to identify vulnerabilities during development, testing and deployment, and perform regular manual penetration tests.
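A pre-deployment audit for the four leftover types named in the investigation, as an added example that is not CyberNews' or Melurna's tooling: it walks a local document root and reports DS_STORE, ENV and MYSQL_HISTORY files and Git directories before they are published. The function names and the sample tree are constructed for illustration, and the header check on `.DS_Store` files is this example's own assumption about how to discard false positives.

```python
import os
import tempfile
from pathlib import Path
# Leftover file names from the article, mapped to the labels it uses.
LEFTOVER_FILES = {".DS_Store": "DS_STORE", ".env": "ENV", ".mysql_history": "MYSQL_HISTORY"}
DS_STORE_MAGIC = b"\x00\x00\x00\x01Bud1"  # first bytes of a genuine .DS_Store file

def is_real_finding(path, kind):
    """Drop false positives: unreadable or empty files, .DS_Store names without the header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(DS_STORE_MAGIC))
    except OSError:
        return False
    return bool(head) and (kind != "DS_STORE" or head == DS_STORE_MAGIC)

def audit_docroot(docroot):
    """Return sorted (kind, relative_path) pairs; a .git dir counts only if it holds HEAD."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        if ".git" in dirs:
            if os.path.isfile(os.path.join(current, ".git", "HEAD")):
                findings.append(("GIT", os.path.relpath(os.path.join(current, ".git"), docroot)))
            dirs.remove(".git")  # do not descend into repository internals
        for name in files:
            kind = LEFTOVER_FILES.get(name)
            path = os.path.join(current, name)
            if kind and is_real_finding(path, kind):
                findings.append((kind, os.path.relpath(path, docroot)))
    return sorted(findings)

def build_sample_docroot():
    """Constructed sample tree standing in for a real document root (hypothetical)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "app/.git/HEAD": b"ref: refs/heads/main\n",
        "app/.env": b"DB_PASSWORD=constructed-placeholder\n",
        "static/.DS_Store": DS_STORE_MAGIC + b"\x00" * 24,
        ".DS_Store": b"not a store file",  # right name, wrong header
        ".mysql_history": b"",  # empty, nothing to disclose
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    print(audit_docroot(build_sample_docroot()))
```

Run against the build output in a deployment pipeline, a non-empty result is a reason to fail the release until the listed paths are removed or excluded from the published directory.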