Slashdot Mirror


Over 13K iSCSI Storage Clusters Left Exposed Online Without a Password (zdnet.com)

Over 13,000 iSCSI storage clusters are currently accessible via the internet after their respective owners forgot to enable authentication. From a report: This misconfiguration has the risk of causing serious harm to devices' owners, as cyber-criminal groups could access these internet-accessible hard drives (storage disk arrays and NAS devices) to replace legitimate files with malware, insert backdoors inside backups, or steal company information stored on the unprotected devices. [...] Over the weekend, penetration tester A Shadow tipped ZDNet about this hugely dangerous misconfiguration issue. The researcher found over 13,500 iSCSI clusters on Shodan, a search engine that indexes internet-connected devices. In an online conversation with ZDNet, the researcher described this iSCSI exposure as a "dangerous backdoor" that can allow cyber-criminals to plant ransomware-infected files on companies' networks, steal company data, or place backdoors inside backup archives that may get activated when a company restores one of these booby-trapped files.

  1. Re:"internet-accessible hard drives" by Anonymous Coward · Score: 2, Interesting

    Oh yeah, the same thing wrong with "the cloud"

    iSCSI dates back to 1998. "The Cloud" dates back to 2006. iSCSI is intended to be used over a LAN, not the internet. This is a "misconfiguration" as said in the second word of the summary, not someone intentionally sharing data to the cloud or whatever you think it is.