ISRAEL - Cyber Experts Uncover Massive Attack

Arno Froese

At least 85,000 MySQL servers around the world have been breached in a massive ransomware campaign, Israeli cybersecurity experts have warned. 

MySQL is an open-source database management system used by companies in a variety of sectors. The attack, called PLEASE_READ_ME, has so far resulted in at least 250,000 stolen databases being compromised and posted for sale on the dark web.

Ophir Harpaz and Omri Marom are security researchers at the Israel-based company Guardicore Labs, which specializes in cybersecurity threats and which discovered the hacker network.

Harpaz told The Media Line that she believes this is the largest ransomware campaign of its kind ever uncovered.

“This is a really vast target,” she said. “There are almost 5 million of [these MySQL servers] in the world so this is a very attractive target for hackers. 

“Once they’re in the database, they steal the data, send it to their own servers and then delete it from the local machines,” Harpaz continued. “The victim has to pay a ransom for the data to be returned.”

“We cannot attribute the attack to a specific group because they are using an anonymous network to host their infrastructure,” Harpaz noted.  “We do know that the attacks that we’ve seen so far have been coming from machines in Ireland and the UK, but attackers often use compromised machines as intermediate stations from which they can operate so these are probably not their own private laptops but rather compromised servers used as the origin of the attacks.”

“Assuming that this hacker group targets MySQL servers then it’s a worldwide breach attack,” Harpaz said. “It’s not targeted to a specific geographical location but targets all such servers on the internet.”

As for the hackers themselves, they remain anonymous and at large. Guardicore’s researchers do not believe that they are state actors but a group of common cybercriminals.

“The fact that so many databases can be accessed from the internet is not a desired situation,” Omri Marom, who also works at Guardicore Labs as a security researcher, told The Media Line. “Databases should not be internet exposed and only be accessible from within the organization.”

Harpaz added that there were further difficulties that remain to be resolved.

“We’ve been contacted by companies with tens of thousands of customers that were hit,” she said, declining to provide specific names. 

“Currently, we offer assistance for whoever was breached. We cannot take the leak site down because it’s on an anonymous network so it’s really hard to trace where this website is hosted.”, 22 December 2020

Arno's commentary

While some sources credit different numbers of people as the inventors of the Internet, it is generally accepted that Robert Elliot Kahn, an electrical engineer, with his co-worker Vint Cerf are in most cases credited with the invention in 1983. Now this has become a global tool. It seems that without the Internet, the entire world’s financial, political, and economic system would all but collapse. Information makes the world function. 

But, as many other inventions helpful to society and commerce, there is misuse—in this case by an anonymous group of hackers, who remain at large.

Not surprisingly, Israeli know-how is being applied to detect and “offer assistance for whoever was breached.”

That’s what’s occurring in the invisible world. Here we are reminded of Ephesians 6:12: “For we wrestle not against flesh and blood, but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places.” This is addressed to believers who are fighting a spiritual battle—not against anyone that can be identified. Whenever one does, such as politicians, political parties, liberals, or conservatives, he is dead wrong, because those are identifiable. These individuals, parties, or countries are guided by “flesh and blood.” Our battle, however, is against the invisible world; against the principalities, the powers, the rulers of darkness, and a spiritually wicked world. How we must fight our battle is described in the next five verses, admonishing us: “Praying always with all prayer and supplication in the Spirit, and watching thereunto with all perseverance and supplication for all saints” (verse 18).

Arno Froese is the executive director of Midnight Call Ministries and editor-in-chief of the acclaimed prophetic magazines Midnight Call and News From Israel. He has authored a number of well-received books, and has sponsored many prophecy conferences in the U.S., Canada, and Israel. His extensive travels have contributed to his keen insight into Bible prophecy, as he sees it from an international perspective.

Read more from this author

ContactAbout UsPrivacy and Safety