IoTSE-based open database vulnerability inspection in three Baltic countries: ShoBEVODSDT sees you

Abstract

This study aims to analyze the state of the security of open data databases, i.e. being accessible from the outside of organization, representing both relational databases and NoSQL of three Baltic countries - Latvia, Lithuania, Estonia. This is done by using previously proposed tool for non-intrusive detection of vulnerable data sources called ShoBEVODSDT (Shodan- and Binary Edge-based vulnerable open data sources detection tool). ShoBEVODSDT is based on the use of Internet of Things Search Engines (IoTSE). It is found to be suitable for this study since it conducts the passive assessment, which means that its use does not harm the databases but rather checks for potentially existing bottlenecks or weaknesses which, if the attack would take place, could be exposed. It allows for both comprehensive analysis for all unprotected data sources falling into the list of predefined data sources - MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached, or to define IP range to examine what can be seen from the outside of the organization about the data source. Although some data sources can be described as following the security-by-design principle, some of them face serious challenges in this respect. The study carries out cross-country comparative study on 8 data sources. We inspect both, (1) the most vulnerable data sources and (2) countries characterized by the highest number of open data sources and the highest degree of “value” of data being available to external actors.