Over 13K iSCSI Storage Clusters Left Exposed Online Without a Password (zdnet.com)
Over 13,000 iSCSI storage clusters are currently accessible via the internet after their respective owners forgot to enable authentication. From a report: This misconfiguration has the risk of causing serious harm to devices' owners, as cyber-criminal groups could access these internet-accessible hard drives (storage disk arrays and NAS devices) to replace legitimate files with malware, insert backdoors inside backups, or steal company information stored on the unprotected devices. [...] Over the weekend, penetration tester A Shadow tipped ZDNet about this hugely dangerous misconfiguration issue. The researcher found over 13,500 iSCSI clusters on Shodan, a search engine that indexes internet-connected devices. In an online conversation with ZDNet, the researcher described this iSCSI exposure as a "dangerous backdoor" that can allow cyber-criminals to plant ransomware-infected files on companies' networks, steal company data, or place backdoors inside backup archives that may get activated when a company restores one of these booby-trapped files.
I never understood this. Under normal circumstances it's quite difficult to make something internet accessible. Most firewalls, both corporate and consumer, by default use NAT with no forwarding, so under those conditions you'd have to go out of your way to make this happen (ironic, given that if you have the knowledge necessary to do so, you know what not to do as well).
The only thing I can think of is that this is an org with a huge block of public IPs that are managed poorly, but I would expect this to be an edge case and not a part of all these risk vectors (cameras, printers, workstations and now, apparently, disk systems).
Mod me down with all of your hatred and your journey towards the dark side will be complete!