Ongoing Meow attack has nuked >1000 databases without telling anyone why


Ongoing attack hitting unsecured data leaves the word “meow” as its calling card.

Dan Goodin


More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word “meow” as its only calling card, according to Internet searches over the past day.

The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered that a database storing user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information, including:

  • Account passwords in plain text
  • VPN session secrets and tokens
  • IP addresses of both the devices and the VPN servers they connected to
  • Connection timestamps
  • Geo-tags
  • Device and OS characteristics
  • Apparent domains from which ads are injected into free users’ Web browsers

Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO’s promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.

Representatives of UFO didn’t immediately respond to an email seeking comment.

Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string “university_cybersec_experiment.” The attackers in this case appear to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.

Just for fun

It’s not the first time attackers have targeted unsecured databases, which have become increasingly common with the growing use of cloud computing services from Amazon, Microsoft, and other providers. In some cases, the motivation is to make money through ransomware rackets. In other cases—including the current Meow attacks—the data is simply wiped out with no ransom note or any other explanation. The only thing left behind in the current attacks is the word “meow.”

One database affected by the Meow attack.


“I think that in most [of the latter] cases, malicious actors behind the attacks do it just for fun, because they can, and because it is really simple to do,” Diachenko told me. “Thus, it is another wake-up call for the industry and companies which ignore cyber hygiene and lose their data and data of their customers in a blink of an eye.”

As the head of research for security firm Comparitech, Diachenko regularly scans the Internet for databases that expose data as a result of not being secured by a password. The attackers appear to be running similar searches, and once they identify databases that can be modified without credentials, the attackers run scripts that delete the data. He said that the Meow attacks had been underway for a few days and showed no sign of letting up. He said he expected the number of affected databases to double in the next day.

People maintaining any cloud-based databases should make sure that they are secured according to the provider’s guidelines.
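One way to check your own servers for the misconfiguration described above (an added example, not from the article): the Python below reads Elasticsearch or MongoDB configuration text and flags a non-loopback bind address combined with disabled authentication. The setting names are the products' own; the function names and sample configs are constructed here, and treating a missing authentication key as disabled is a conservative assumption, since defaults vary by version.

```python
# Added example: flag a database bound beyond loopback with authentication off.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}

def flatten(text):
    """Flatten simple nested YAML mappings into dotted keys (scalars only)."""
    flat, stack = {}, []                 # stack: (indent, key) of open parents
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = (p.strip() for p in line.strip().partition(":"))
        while stack and stack[-1][0] >= indent:       # close finished parents
            stack.pop()
        value = value.strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return flat

def exposed_hosts(value):
    """Return the bind addresses in a comma or [flow] list that are not loopback."""
    hosts = [h.strip().strip("\"'") for h in value.strip("[]").split(",")]
    return [h for h in hosts if h and h not in LOOPBACK]

def audit(kind, text):
    """Return findings for one config; an empty list means no exposure found."""
    cfg = flatten(text)
    if kind == "elasticsearch":
        bind = cfg.get("network.host", "_local_")
        # Assumption: a missing key counts as disabled (defaults vary by version).
        auth = cfg.get("xpack.security.enabled", "false").lower() == "true"
    elif kind == "mongodb":
        bind_all = cfg.get("net.bindIpAll", "false").lower() == "true"
        bind = "0.0.0.0" if bind_all else cfg.get("net.bindIp", "127.0.0.1")
        auth = cfg.get("security.authorization", "disabled").lower() == "enabled"
    else:
        raise ValueError(f"unknown database kind: {kind}")
    hosts = exposed_hosts(bind)
    if hosts and not auth:
        return [f"{kind}: bound to {', '.join(hosts)} with authentication disabled"]
    return []

# Constructed sample configs (not taken from any real deployment).
ES_OPEN = "cluster.name: logs\nnetwork.host: 0.0.0.0\n"
ES_AUTH = "network.host: 0.0.0.0\nxpack:\n  security:\n    enabled: true\n"
MONGO_OPEN = "net:\n  port: 27017\n  bindIp: 0.0.0.0  # all interfaces\n"
MONGO_AUTH = "net:\n  bindIp: 0.0.0.0\nsecurity:\n  authorization: enabled\n"

if __name__ == "__main__":
    for kind, text in [("elasticsearch", ES_OPEN), ("mongodb", MONGO_OPEN)]:
        print(audit(kind, text))
```

A clean result only covers the two settings checked; firewall rules and the provider's own access controls still need to be reviewed separately.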
