Ransomware it is not
On the internet databases are being deleted by what is called a Meow Attack. The hacker never asks for a ransom after the bizarre attack. They just delete the database and insert “Meow” in place of all the files.
Databases like Elasticsearch, MongoDB and systems running Cassandra, CouchDB, Jenkins, and Apache ZooKeeper etc. have been targeted.
What’s the Purpose Behind the Attacks
Maybe the hacker is looking to even the score of some sort. Or maybe they want to remind users to secure their databases like they should have. Sad thing is cyber security 101 is secure whatever you are putting out to the public internet. We all have to remember to change the admin username and password constantly.
One of the first recorded instances of Meow attack targeted an Elasticsearch database belonging to a VPN provider. Bob Diachenko a security researcher discovered the leaked database data. Multiple VPN services leaked the data of over 20 million users.
The Target
Unsecured databases accessed over the internet are the target of Meow Attack. Overwritten files with the word Meow is the only evidence in the attacks.
End Result of Deleted Database
They are running scans of the Internet looking for unsecured databases, that can be modified without credentials. The attacker executes scripts that delete the database.
Security Reminder
The hack will be a constant reminder to secure everything. A result of all this is that we will see increased litigation against companies that neglect to secure data. Constant vigilance is the only way to make sure everything exposed to the Internet is secure.
Read more at: https://www.bleepingcomputer.com/news/security/new-meow-attack-has-deleted-almost-4-000-unsecured-databases/
0
