Unsecured databases exposed on the public web are once again being targeted but this time they’re falling victim to automated ‘meow’ attacks that wipe their data without any explanation or even a ransom note.
This new wave of attacks began recently and both Elasticsearch and MongoDB instances are being targeted by an unknown attacker. Security researchers have responded accordingly and they’re now on the lookout for exposed databases so that they can warn their owners before they become ‘meowed’.
The Hong Kong-based VPN provider UFO VPN is the most recent example of a company whose Elasticsearch database was hit by a meow attack. Comparitech’s Bob Diachenko first discovered the unsecured database at the beginning of July and warned the company about it.
UFO VPN then took steps to secure its database. However, just five days later the data became exposed again. It was then that the database got ‘meowed’ and almost all of the records it contained were wiped.
Meow attacks
These new ‘meow’ database attacks were first observed by researchers only a few days ago. As of now, it is still unclear as to whether these attacks were launched by a hacker trying to hurt companies that failed to secure their databases or a vigilante who is trying to teach them a lesson. Either way ‘meow’ attacks are very serious and businesses hit by them stand to lose all of their unsecured data.
In addition to Diachenko, chairman of the non-profit GDI Foundation Victor Gevers has also observed these kinds of attacks in the wild. Gevers told BleepingComputer that the actor behind the attacks is also targeting exposed MongoDB databases and trying to wipe as many as they can.
While data leaks from unsecured Elasticsearch and MongoDB instances on the public web have declined in recent years as database owners have taken steps to better secure their data, there is still a great deal of sensitive information currently exposed online.
If you or your businesses has a database online, it is essential that you take steps immediately to make sure that your database is secured to prevent falling victim to a ‘meow’ attack.
Via BleepingComputer
