New ‘Meow’ attack targets unsecured databases exposed on the public web without any explanation and wipes it off.
New ‘Meow’ attack targets unsecured databases exposed on the public web without any explanation and wipes it off.
Even though there is saying dogs are man’s best friend, cats are internet royalty. When it comes to memes, cats are at the top list more than any other animal. This recently emerged ‘meow attack’ is destructive, unlike the cat memes.
Meow attack exists purely to abolish those databases that leave themselves open and exposed online without any security access management.
The attack started newly and hit Elasticsearch and MongoDB instances indiscriminately without leaving any description, or even a ransom note.
Criminals have targeted open databases many times, but those, wherewith the intent of destroying data, but in this case, no data is stolen during the process.
With further exploration using the Shodan Internet-of-Things (IoT) search engine, it has found dozens of databases that have been affected by this attack.
The most recent example of a Meow attack targeted the Elasticsearch of seven VPN providers and left the user data exposed online.
The database was initially secured in July, but unfortunately, it was exposed again five days later. The second time, the owner did not receive any warning; instead, they got ‘meowed, ’ and almost all records got rubbed.
According to Diachenko, there is not much information about the attacker or the motive behind their actions. The attack seems to be an automated script that “overwrites or eradicates the data.”
The origin of the attack is still unknown; Bleeping Computer states that this could be the work of a vigilante “trying to give administrators a hard lesson in security.”
“For those affected by the attacks, it may be better to have your database wiped out than getting it stolen and offered to anyone on the Dark Web, ” reported Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb.
To avoid being victims of the meow attack, administrators should protect their system and avoid exposing them as a result of configurations.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: “BlueLeaks” Exposes Data of 200 US police Departments and Exposed Online