Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Below the surface: Group-IB identified 308,000 exposed databases in 2021

Media Center Press Releases
April 27, 2022 · 3 min to read
Attack Surface Management
DB
Exposed
Tim Bobak

Group-IB, one of the global cybersecurity leaders, carried out a deep dive into exposed digital assets discovered in 2021. During the research, Group-IB’s Attack Surface Management team analyzed instances hosting internet-facing databases. The findings showed that in the second half of 2021, the number of public-facing databases increased by 16% to 165,600 with most of them stored on the servers in the US. The number of databases exposed to the open web has been growing every quarter to reach its peak of 91,200 in Q1 2022. Group-IB Attack Surface Management continuously scans the entire IPv4 and identifies external-facing assets, hosting for example, exposed databases, malware or phishing panels, and JS-sniffers. Corporate digital assets that are not properly managed undermine security investment and increase the attack surface, Group-IB experts warn. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.

As the pandemic progressed with more people having to work from home, corporate networks kept getting more complex and extended. This inevitably led to the increase in the number of public facing assets that were not inventoried properly. In 2021, nearly USD 1.2 billion worth of penalties have been issued against companies for violations of the GDPR. According to IBM, the average cost of a data breach increased from USD 3.86 million to USD 4.24 million last year. In many cases, a data breach starts with a preventable security risk, such a database exposed to the open web.

As such, in 2021 alone, Group-IB Attack Surface Management team identified 308,000 incidents of databases exposed to the open web. The number of public-facing databases kept growing almost every quarter since the beginning of 2021 to reach a peak in Q1 2022.

Most of the exposed databases discovered between the Q1’2021 and Q1’2022 used Redis database management system.

When it comes to management of high-risk digital assets, timely discovery plays a key role as threat actors are quick in spotting a chance to steal sensitive information or advance further in the network. According to the Attack Surface Management team’s findings, in the first quarter of 2021, it took an average of 170.2 days for an exposed database owner to fix the issue. The average time was decreasing gradually over 2021, but it climbed back to the initial value of 170 in the first quarter of 2022.

Country wise, last year, most of the databases exposed to the open web were discovered on the servers located in the US.

A lot of the security incidents can be prevented with very little effort and a good toolset. Last year, over 50% of our incident response engagements stemmed from a preventable, perimeter-based security error. A public facing database, an open port, or a cloud instance running vulnerable software are all critical but ultimately avoidable risks. As the complexity of corporate networks keeps growing, all the companies need to have complete visibility over their attack surface.

Tim Bobak
Tim Bobak

Attack Surface Management Product Lead at Group-IB

Group-IB’s new intelligence-driven product Attack Surface Management leverages the full breadth and depth of Group-IB’s threat hunting and intelligence gathering ecosystem by continuously discovering all external-facing IT assets, identifying potential vulnerabilities and prioritizing issues for remediation via an all-in-one easy to use interface.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Read next
November 27, 2025
Ukuk and Group-IB Strengthen Cooperation to Enhance the National Cyber Defense of the Kyrgyz Republic
Top Women in Security ASEAN Awards 2025
November 13, 2025
Group-IB’s High-Tech Crime Investigations team triumphs at Top Women in Security ASEAN Awards 2025
October 21, 2025
Group-IB launches Asia-Pacific’s first Cyber Fusion Center in Singapore
October 9, 2025
Group-IB Intelligence Powers Spanish Guardia Civil Operation to Dismantle the “GXC Team” Cybercrime Syndicate
September 30, 2025
Group-IB and Cyber Samurai join forces to enhance cyber resilience in the DACH region
September 26, 2025
Group-IB supports INTERPOL’s “Operation Contender 3.0”, leading to the arrest of 260 suspects in Africa
Go to all Press Releases →