A new attack called “Meow” was found wiping unsecured databases across the internet. While the author behind this automated script is still unknown, the meow attack has successfully wiped out at least 4,000+ databases until now, according to researchers.
Any hacker attacking an organization or any of its infrastructures would generally have a purpose, which is either money or sensitive data. But here, the unknown author behind this series of attacks has none, or probably attention! Here’s what’s happening with the Meow attacks recently.
Meow Attack Wipes Out 4,000+ Open Databases!
Initially detected by Bob Diachenko, a security researcher who found an open database of a UFO VPN service being deleted. The VPN hailing from Hong kong has claimed to keep no logs but was shamed when it, along with several other free VPNs, were notified about their shared database last week.
Though UFO VPN stated it’s shifting away it’s a database from that exposed server, its improper setup has failed it again to let wipe the database by Meow attack! Victor Gevers of the GDI foundation too have seen initial attacks on MongoDB databases and expanding to others eventually.
The author behind this attack has started attacking MongoDB and ElasticSearch instances and spread across all open databases and file systems based on CouchDB, Redis, Cassandra, Hadoop, Jenkins, etc. Researchers say the automated script of Meow attacks are targeting and wiping out all the exposed databases online.
As of writing, reports from BleepingComputer says the databases got wiped out by the Meow are over 4,000+, and is still going on! This made security researchers to race for finding out such vulnerable databases and report them to their owners to secure up immediately.
Neither the author nor the intention behind these attacks is known till now, as there’s no hint of ransom notes or demands explained.