Over 1500 online databases and counting have been wiped by an unknown attacker, for no clear reason other than that they are misconfigured and exposed to the public internet.
Researcher Bob Diachenko was the first to spot the campaign, after he identified a misconfigured database belonging to Hong Kong-based VPN company UFO. After being notified, the company secured the data, only for it to reappear at a different IP address.
This time the attacker pounced, overwriting all data with the text “meow” and a string of random numbers. It appears that no ransom note was left.
“After the exposed data had been secured, it resurfaced a second time on July 20 at a different IP address – all of the information wrecked now by a new ‘Meow’ bot assault,” tweeted Diachenko earlier this week. “[The] new Elasticsearch bot attack does not comprise any ransom or threats, just ‘meow’ with a random set of numbers. It is pretty speedy and lookup&wipe out new clusters fairly proficiently.”
According to a Shodan search, there were 1269 affected Elasticsearch servers globally and 276 MongoDB instances hit by the “meow” bot at the time of writing. It’s unclear whether the attacker first stole victims’ data or if this is a purely destructive campaign.
Boris Cipot, senior security engineer at Synopsys, described the attacks as a “game changer” which could actually encourage companies to follow security best practice.
“We’re looking at companies hurrying to recognize and secure uncovered databases, which is a much-desired and long overdue move for a lot of companies. It’s alarming that by running a single Shodan search, we’re in a position to see just how many unsecured devices and companies are out there – all of which are potential attack vectors,” he argued.
“There is the likelihood that the attacker is not abusing the consumer information prior to its deletion. If that is in fact the case, meow attacks could essentially be safeguarding users from more financially-driven malicious attackers. Whilst the consumer would be impacted either way – having just lost whatever information was being stored on an impacted database – at least it would not be held for ransom or sold on the dark web, for instance.”