New ‘Meow’ attack has wiped dozens of unsecured databases


Dozens of unsecured databases exposed on the public web are the target of an automated ‘meow’ attack that destroys data without any explanation.

The activity started recently and hits Elasticsearch and MongoDB instances indiscriminately without leaving any explanation, or even a ransom note.

A quick search by BleepingComputer on the IoT search engine Shodan has found dozens of databases that have been affected by this attack.

These attacks have pushed researchers into a race to find the exposed databases and report them responsibly before they become ‘meowed.’

Cat’s out of the bag

The most recent publicly known example of a Meow attack is an Elasticsearch database belonging to a VPN provider that claimed not to keep any logs.

Discovered by researcher Bob Diachenko, the database was initially secured in July only to become exposed again five days later.

The second time, though, the owner no longer received a well-intended notification. Instead, they got ‘meowed,’ with almost all records getting wiped.


Diachenko told BleepingComputer that there are not many details about the attacker or the purpose of their actions. He says that the attack appears to be an automated script that “overwrites or destroys the data completely.”

Researchers first observed the ‘meow’ database attacks a few days ago. They could be the work of a vigilante trying to give administrators a hard lesson in security by raining destruction on unsecured data.

Victor Gevers, the chairman of the non-profit GDI Foundation, saw this type of attack, too. He says that the actor is also attacking exposed MongoDB databases, hitting as many as they can.


He also saw the first ‘meow’ attacks a few days ago, with a recent one occurring earlier today, just a couple of hours after a GDI volunteer disclosed it responsibly to the owner.

Obstructing researchers

Even if positive intentions are behind these incidents, sometimes nothing good comes out of them, and valuable data could be lost in the process.

Data leaks from unsecured MongoDB and Elasticsearch instances reachable over the public internet are on a descending curve, but there is still some “very sensitive” information exposed.

As Gevers puts it, “some leaks bring bad things to the light, which need to be shared,” and wiping them brings benefits to no one.

“It is becoming a race to find these leaks as early as possible. This reduces the amount of time that can be spent on researching and reporting” – Victor Gevers

Whoever is behind the ‘meow’ attacks is likely to keep on targeting unsecured databases, aggressively destroying them. Administrators should make sure that they expose only what needs to be exposed and that those assets are properly secured.
