Dozens of unsecured databases exposed on the public web have become the target of an automated ‘meow’ attack that destroys data without any explanation.
The Meow bot appears to exist mainly to destroy databases that are left open and exposed online without any access controls. It is so named because the automated attack script overwrites database indexes with random numerical strings with “meow” appended.
This activity, which started recently, has hit Elasticsearch and MongoDB instances at random without even leaving a ransom note.
A search using the Shodan Internet-of-Things (IoT) search engine shows that dozens of databases have been affected by this attack.
The most recent example of a Meow attack is an Elasticsearch database belonging to a VPN provider, which was uncovered by Bob Diachenko, a cyber threat specialist at Security Discovery.
The database was initially secured in July but was exposed again five days later. The second time, the owner did not receive any notification. Instead, they got ‘meowed,’ and almost all records were wiped.
According to Diachenko, the attack appears to be an automated script that overwrites or destroys the data completely. However, there aren’t many details about the attacker or the purpose of their actions.
The researchers found the ‘meow’ database attacks a few days ago. Even though the motive behind the Meow bot attack is not known, it is believed that the attacks might be the work of a vigilante trying to give administrators a hard lesson in security by destroying unsecured data.
Victor Gevers, the chairman of the non-profit GDI Foundation, also saw this type of attack. He states that the actor is also attacking exposed MongoDB databases.
He too saw the first ‘meow’ attacks a few days ago, and a recent one occurred just a few hours after a GDI volunteer disclosed it responsibly to the owner.
The threat actors behind the ‘meow’ attacks are likely to keep targeting unsecured databases and destroying them. Administrators must ensure that they expose only what needs to be exposed and that those assets are properly secured.
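As an added example (not from the original article or the researchers quoted), the Python sketch below shows how an administrator could triage an Elasticsearch index listing for the marker described above: index names ending in “meow”, alongside expected indices that have disappeared. The sample listing, the expected-index inventory and the exact name pattern are constructed assumptions.

```python
import re

# Constructed sample of `GET _cat/indices?h=index,docs.count` text output.
SAMPLE_CAT_INDICES = """\
8x2k1q9zpd-meow    0
audit-log          5120
f03jd72lqa-meow    0
"""

# Constructed inventory of the indices this cluster is supposed to hold.
EXPECTED_INDICES = {"customers", "orders", "audit-log"}

# Assumption: a wiped index shows up as a random string with "meow" appended.
MEOW_NAME = re.compile(r"^[a-z0-9]+[-_.]?meow$", re.IGNORECASE)


def parse_cat_indices(text):
    """Return {index_name: doc_count or None} from two-column listing text."""
    indices = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue  # blank row
        # docs.count is empty for closed indices, so the column may be absent
        has_count = len(parts) > 1 and parts[1].isdigit()
        indices[parts[0]] = int(parts[1]) if has_count else None
    return indices


def assess(expected, current):
    """Compare the expected inventory with the current listing."""
    meow = sorted(name for name in current if MEOW_NAME.match(name))
    missing = sorted(set(expected) - set(current))
    emptied = sorted(name for name in expected if current.get(name) == 0)
    return {
        "meow_indices": meow,   # marker-named indices left by the script
        "missing": missing,     # expected indices that no longer exist
        "emptied": emptied,     # expected indices still present but empty
        "likely_wiped": bool(meow) and bool(missing),
    }


if __name__ == "__main__":
    report = assess(EXPECTED_INDICES, parse_cat_indices(SAMPLE_CAT_INDICES))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a listing pulled on a schedule, a check like this turns the “meow” suffix into an alert condition rather than something discovered after the data is gone.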