Poorly secured databases are being wiped and vandalized by the thousands in a seemingly automated attack.
Bob Diachenko, head of research at Comparitech and who spotted the digital destruction, said that, as of today, more than 3,000 insecure database instances have been overwritten with random text, rendering them useless to applications. The nuked databases were left facing the internet by their administrators so that anyone can read and write them, access that malicious software dubbed the Meow bot took advantage of to wreck the information silos.
The bot was uncovered last week when Comparitech noticed someone had scribbled over the contents of a cloud-hosted database belonging to a VPN provider called UFO VPN. If the name is familiar, that's because it is the provider that claimed it didn't keep logs on its users' activities yet it was actually keeping tabs on its subscribers and left the records on a public-facing system for all to see.
UFO VPN took down that poorly secured Elasticsearch database only for it to reappear at another IP address, and still left open. Crucially, Diachenko noticed the silo had been wiped by a miscreant, who replaced data with random strings and the word "meow" appended.
Soon after, other unsecured cloud databases were discovered also wiped in a similar manner. There appeared to be no other malicious activity, such as the installation of malware, just straight up data wiping. It was not particularly difficult to come up with a name for the operation, and the "Meow" bot was born.
Over the past few days, the bot went on a rampage across ..
Support the originator by clicking the read the rest link below.
