Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/27/2011
03:02 PM
50%
50%

Protect Insider Data By Googling First, Often

Sensitive company data is often leaked via Google, Bing, and other search engines -- find it before the bad guys can

In June, a security researcher searching for passwords files on the Internet stuck gold: A database file of 300,000 users of Groupon subsidiary Sosasta had inadvertently been placed on a publicly accessible online server. The company quickly took it down after being notified, but the damage was done.

Google hacking, where an attacker searches for common vulnerabilities or sensitive data, can be an extremely efficient way to find accidentally leaked insider data. Millions of records are available to anyone with the ability to create specific searches on Google and Bing and the time to cull the results for interesting data, according to Francis Brown, a managing partner at security consultancy Stach & Liu.

The incident involving Sosasta's data is not uncommon. In August, both Yale University and Purdue University notified students, faculty, and staff that a total of about 50,000 records, including Social Security numbers, had been exposed to the Internet because specific files had been publicly accessible.

"There are a number of instances where people, by accident, have found huge data exposures," Brown says.

Inadvertent misconfigurations by insiders are a common way for data to be placed online, awaiting an opportunistic attacker to find them. In its 2011 Data Breach Investigations Report, Verizon found that 83 percent of breaches were the result of opportunistic attackers, not specific targeted attacks.

Because Web searches are inexpensive, companies should be regularly searching for sensitive corporate information that insiders might have inadvertently leaked online.

"Google and Bing were nice enough to go out and index all this interesting information, so it is to your advantage to go and search out your own stuff," Brown says.

[Bringing together groups of employees in a company with internal intelligence can help detect rogue insiders earlier. See Workers, Technology Need To Team To Fight Insiders.]

Companies should also search for employee information that might have been leaked by other sites, he says. One of Brown's searches, for example, turned up a porn site that has accidentally placed its user files on the Internet, exposing names, addresses, payment details, and passwords. An employee that reuses his passwords on such insecure services could become a weak point for his employer, he says.

"I would do forensics on the account and crack passwords internally to see if they have reused it -- they probably have," Brown says. "The whole point is to make sure that an attacker can't use it to get access to resources."

Yet, while such searches are free and can be automated, culling through the results can take time, points out Dave Marcus, director of advanced research and threat intelligence for security firm McAfee, a subsidiary of Intel. Companies should make sure that their security teams are not overwhelmed by possible breach data.

"It is going to come down to how many resources a company has to devote to this; do it as often as you can," he says.

Free tools, such as OpenDLP, exist to automate the process. OpenDLP searches for data both inside and outside of a company's firewall. Stach & Liu have its own free tool, DLPDiggity, that searches for more than 100 different types of sensitive data. In many cases, the data has escaped the notice of a company's own data-loss prevention (DLP) system.

"As it stands right now, there is plenty of stuff out there on Google and Bing," says Brown. "This is a zero-dollar way to find data exposures for your company."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35419
PUBLISHED: 2021-04-14
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2021-28060
PUBLISHED: 2021-04-14
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
CVE-2021-28825
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with l...
CVE-2021-28826
PUBLISHED: 2021-04-14
The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker wi...
CVE-2021-28855
PUBLISHED: 2021-04-14
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).