3.6 Million MySQL Servers are Exposed to the Internet and Responding to Queries

The cybersecurity research group, The Shadowserver Foundation, has identified 3.6 million MySQL servers that are using the default TCP port 3306 and are exposed to the Internet. Almost 2.3 million of those MySQL servers responded to queries on IPv4, and over 1.3 million responded to queries over IPv6. 67% of all MySQL servers were discovered to be accessible over the Internet.

The researchers did not investigate the level of access that was possible, nor the specific databases that had been exposed, but point out that the exposure to the Internet is a potential attack surface that could be exploited by cyber threat actors and is one that needs to be addressed.

The highest numbers of exposed IPv4 MySQL databases were in the United States (740.1K) and China (296.3K), followed by Poland (207.8K), Germany (174.9K), and France (73K). The highest numbers of accessible IPv6 MySQL servers were in the United States (460.8K), Netherlands (296.3K), Singapore (218.2K), Germany (173.7K), and the United Kingdom (92K).

While there are valid reasons for having applications and web services connect to MySQL databases, restrictions should be in place on the services and applications that can connect. MySQL databases are unlikely to need to allow any external connections from the Internet, and any connections should require authentication.

The failure to secure MySQL databases could lead to a serious data breach, data destruction event, or ransomware attack. There have been several incidents where data in exposed databases has been stolen and deleted, often accompanied by ransom demands for the safe return of the data. Exposed database servers could also be infected with malware.

“If you do receive a report on your network/constituency, take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server,” suggests The Shadowserver Foundation. For administrators who are unsure how to secure MySQL databases, The Shadowserver Foundation recommends reading the MySQL 5.7 Secure Deployment Guide and the MySQL 8.0 Secure Deployment Guide.
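As a starting point for that review, the following added example (not code from the article or from The Shadowserver Foundation) audits a MySQL option file to see whether the server's own configuration makes it listen beyond loopback. The sample files are constructed and the function names are hypothetical; it relies on the documented MySQL defaults of `bind_address = *` and port 3306, and reads only the `[mysqld]` group of a single file.

```python
import ipaddress

WILDCARDS = {"*", "0.0.0.0", "::"}  # bind_address values meaning "every interface"

# Constructed sample option files (not taken from the article).
SAMPLE_OPEN = "[client]\nport = 3306\n\n[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
SAMPLE_LOCAL = "[mysqld]\nbind_address = 127.0.0.1  # local only\n"

def mysqld_options(text):
    """Collect options from the [mysqld] group; '-' and '_' are equivalent, last value wins."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # blank lines, comments, !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group != "mysqld":
            continue
        key, _, value = line.partition("=")
        value = value.split("#", 1)[0].strip().strip("'\"")
        opts[key.strip().lower().replace("-", "_")] = value
    return opts

def audit_listener(text):
    """Report the TCP port and every bind address that reaches beyond loopback."""
    opts = mysqld_options(text)
    # A bare "skip-networking" (empty value) or an explicit on-value disables TCP/IP.
    if opts.get("skip_networking", "off").lower() in ("", "1", "on", "true"):
        return {"port": None, "beyond_loopback": []}
    findings = []
    for addr in opts.get("bind_address", "*").split(","):  # unset means "*"
        addr = addr.strip()
        if addr in WILDCARDS:
            findings.append((addr, "all interfaces"))
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                findings.append((addr, "non-loopback address"))
        except ValueError:                    # a hostname: resolve and review by hand
            findings.append((addr, "hostname, review manually"))
    return {"port": int(opts.get("port", "3306")), "beyond_loopback": findings}

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("local", SAMPLE_LOCAL)):
        print(name, audit_listener(text))
```

A non-empty `beyond_loopback` list means the listener is reachable from other hosts unless a firewall or security group filters the port, so that filtering and the account authentication settings still need to be checked separately.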

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news