Enfilade: Detecting Ransomware Infections in MongoDB

Challenge: Increase in Ransomware infections in MongoDB instances

As part of ongoing research, let’s quickly look into a snippet of live MongoDB ransomware infections. The list is not exhaustive but gives you an insight into the problem.

Attackers are targeting MongoDB instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MongoDB instances and trigger infections at scale to exfiltrate data, destruct data, and extort money via ransom. For example one of the significant threats MongoDB deployments is facing is ransomware. During this talk, we will release a tool named “ENFILADE” to detect potential infections in MongoDB instances. The tool allows security researchers, penetration testers, and threat intelligence experts to detect compromised and infected MongoDB instances running malicious code. The tool also enables you to conduct efficient research in the field of malware targeting cloud databases.

Enfilade tool is available at: https://github.com/adityaks/enfilade

Check the tool slides below:

Enfilade Overview

Note: This is the first release of the tool and we expect to add more modules in the nearby future. This work is done in collaboration with the Research Team at the Office of the CTO, F5 (https://www.f5.com/company/octo)

Thanks.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Try Hack me Room Volatility Writeup

CISM Certification: Overview, Career Path, Eligibility and Other Security Certifications

Try Hack Me - Daily Bugle (w/o SQLmap & Metasploit)

Welcome to StonkBase

StonkBase

HTTP VERB TAMPERING:

How to disable Google Maps location tracking | The Burn-In

Hasta la vista, baby

Should You Be Worried About Google Services?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aditya K Sood

Aditya K Sood

More from Medium

Generate free letsencrypt wildcard SSL certificate

Build and Publish Docker Images using Jenkins

flaws.cloud Walkthrough | AWS Penetration testing — Level-4

Automating Deploy WordPress with MySQL on Kubernetes cluster on AWS.