posted by martyb on Thursday July 23 2020, @08:22PM
from the script-kitties dept.

Ongoing Meow attack has nuked >1,000 databases without telling anyone why:

More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word "meow" as its only calling card, according to Internet searches over the past day.

The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information[...]

[...] Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO's promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.

Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string "university_cybersec_experiment." The attackers in this case seem to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.

[...] In other cases—including the current Meow attacks—the data is simply wiped out with no ransomware note or any other explanation. The only thing left behind in the current attacks is the word "meow."


  • (Score: 3, Insightful) by PartTimeZombie on Thursday July 23 2020, @10:29PM (4 children)

    That is a good idea, but this person might be doing a public service.

  • (Score: 1, Insightful) by Anonymous Coward on Friday July 24 2020, @12:18AM

    As sad as it is, this is the only way some people will ever learn, and others never will. Thinning the herd makes it stronger.

  • (Score: 0) by Anonymous Coward on Friday July 24 2020, @08:29AM

    Like this malware is performing a public service?

  • (Score: 0) by Anonymous Coward on Saturday July 25 2020, @08:20PM

    If the attack was doing a public service, tampering with the data might be better. Just add a calling card like Trump or something as proof of tampering for later reference.

    Basically you want them to drink from the poisoned well first, rather than destroying the well completely.
  • (Score: 2) by sjames on Sunday July 26 2020, @01:44PM

    I can't say the world is likely to miss most of those databases, especially the ones the owners claimed they never kept in the first place...