From 12 months of monitoring the internet, dark web and deep web, the following was found: - Over 500,000 open databases containing around 20 terabytes of exposed data were found, including 5,000 in India. - Over 6.7 billion leaked passwords were indexed, putting 40% of organizations at risk of being breached using leaked credentials. - Thousands of code leaks were found, with 15% caused by employees leaking internal credentials, keys and sensitive information. - Millions of open cloud resources and buckets containing terabytes of exposed data were found, including over 10,000 unsecured EBS snapshots and 400 RDS snapshots.

1. From The Hidden Internet: Lesson
From 12 Months of Monitoring
FireCompass

2. Major Causes of Recent Breaches
Due to Shadow IT Risks Due to Leaked Credentials
Due to 3rd
Party/Vendor Risks

3. Experiment: Indexing
The Deep, Dark &
Surface Web

4. Technology Goals
• Continuous monitoring of internet, deep and dark web to collect
insecure services, sensitive data and leaked credentials.
• Real time sampling of exposed data, sensitivity analysis and generate
alert on the fly.
• Real-time attribution of flaws and sensitive data to the organizations.

5. Architecture Setup
Billions of
(Sub)
Domains
IPs,
Services,
Certificates
Dark Web
Data
Paste Sites
TBs of Open
Source Code
TBs of
Leaked
Creds
Millions of
Buckets
Data Collection and Monitoring Analysis, ML, Attribution
PB of Storage
Reporting and
Alerting
• Database Cluster
of 80 nodes
• 7.2 PB of Data
• Daily 10+ TB Data

6. Exposed Databases
(India)

7. Database Exposure
• # of open databases (Mysql, Mongo,
ES, Redis): 500K
• # Sample Size of Data Exposed: ~ 20
TB
• # of open databases in India: 5K

8. Leaked Passwords
(India)

9. Leaked Passwords
• Number of Leaked passwords reached 6.7 Billion by end of Jan 2019
• 40%+ of Organizations could be breached just using leaked passwords
• Found 5+ common password patterns for every major organisation.

10. Weak Password ?
Common “Strong Password” ?
Common “Super Strong Password” ?

14. Code Leaks

15. Code Leaks
• Sample Enterprise Code Leaks: 12K +
• 15% of cases internal employees
leaked credentials, keys and
sensitive information such as private
keys, AD passwords, mail server
passwords, even Pay slips.
• CI/CD tools such as Jenkins, GoCD
etc. leads to exposed code and
remote code execution.

16. Open Cloud Resources
(Open Buckets and
Beyond)

17. Open Cloud Resources
• +10K public Elastic Block Store (EBS) snapshots from 3,213 accounts.
• +400 public Relational Database Service (RDS) snapshots from 200+
accounts.
• +700K public Amazon Machine Images (AMIs) from +20K accounts.
• +16K public IPs of exposed AWS managed ElasticSearch clusters that could
have their contents stolen or data possibly deleted - this means 17% of
AWS-managed ElasticSearch servers with public IPs were misconfigured.
• More than 500 Million AWS Buckets Indexed hosting Terabytes of Data.

18. Exposed Network
Services

19. Exposed Network Services
• 80% of large organisations has
• Multiple exposed UAT servers
• Vulnerable WordPress/Zoomla servers
• Telnet/FTP
• Open vulnerable routers
• 30% of organizations had
• Open LDAP
• Open RDP
• Open SMB/RPC

20. Thank You