Dozens of unsecured databases exposed on the public web are the target of an automated 'meow' attack that destroys data without any explanation.
The activity started recently and hits Elasticsearch and MongoDB instances indiscriminately without leaving any explanation, or even a ransom note.
A quick search by BleepingComputer on the IoT search engine Shodan has found dozens of databases that have been affected by this attack.
These attacks have pushed researchers into a race to find the exposed databases and report them responsibly before they become 'meowed.'
Cat's out of the bag
The most recent publicly known example of a Meow attack is an Elasticsearch database belonging to a VPN provider that claimed not to keep any logs.
Discovered by researcher Bob Diachenko, the database was initially secured in July only to become exposed again five days later.
The second time, though, the owner no longer received a well-intended notification. Instead, they got ‘meowed,’ with almost all records getting wiped.
Diachenko told BleepingComputer that there are not many details about the attacker or the purpose of their actions. He says that the attack appears to be an automated script that “overwrites or destroys the data completely.”
Researchers first observed the ‘meow’ database attacks a few days ago. They could be the work of a vigilante trying to give administrators a hard lesson in security by raining destruction on unsecured data.
Victor Gevers, the chairman of the non-profit GDI Foundation, saw this type of attack, too. He says that the actor is also attacking exposed MongoDB ..
Support the originator by clicking the read the rest link below.
