June 1, 2022

Analysts at cybersecurity research group The Shadowserver Foundation have uncovered 3.6 million vulnerable MySQL servers on the internet. 2.3 million of these servers are connected over IPv4, while 1.3 million devices are connected over IPv6.

The United States stands in the center as the country with the most accessible MySQL servers with more than 1.2 million servers from the country. Other countries with a high number of exposed servers are China, Germany, Singapore, the Netherlands and Poland.

The detailed findings of the report include 3,957,457 exposed population on IPv4, 1,421,010 exposed population on IPv6, 2,279,908 “Server Greeting” responses on IPv4, and 1,343,993 “Server Greeting” responses on IPv6. In addition, 67% of all MySQL services found are accessible from the internet.

“While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed,” the report from Shadowserver explains.

Administrators are advised to block these instances so that only authorized devices can connect to them. It is also recommended to implement other security measures for publicly exposed servers.

Some of the measures include strict user policies, changing the default access port (3306, activating binary logging, closely monitoring all queries and enforcing encryption.

The sources for this piece include an article in BleepingComputer.