First identified in late July, an automated hacking attack has deleted data from over 4,000 unsecured databases. The targets of these ongoing attacks are unsecured Elasticsearch, MongoDB, and Redis databases. No ransom demands have been made so far, so it appears these attacks were specifically designed to delete all data. These threats are being called Meow Attacks because they leave a “meow” signature on server log files.
The Meow Attack is an automated hacking attack. A bot script attacks a site, in this case unprotected databases, by probing for vulnerabilities. The Meow bot seems to exist purely to destroy unsecured databases run with Elasticsearch, MongoDB, and Redis software. Databases that are either not protected by a firewall or do not have SSL-encrypted communications are being targeted. The automated attack script overwrites database indexes with random sets of numbers ending with “meow”.
New Elasticsearch bot attack does not contain any ransom or threats, just ‘meow’ with a random set of numbers. It is quite fast and search&destroy new clusters pretty effectively pic.twitter.com/F8Ke3CI64i
— Bob Diachenko (@MayhemDayOne) July 20, 2020
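A triage check for the marker described above, added here as an example and not code from the researchers or vendors named in this post: it reads Elasticsearch `_cat/indices?format=json` output and separates meow-marked indexes from surviving user data. The sample listing and the exact name pattern are constructed assumptions.

```python
import json
import re

# Assumption: the post only says overwritten indexes get random characters
# ending in "meow"; the optional "-"/"_" separator is a guess, so only the
# suffix is required. A match is a triage hint, not proof of compromise.
MEOW_NAME = re.compile(r"^[a-z0-9]+[-_]?meow$", re.IGNORECASE)

# Constructed sample shaped like `GET _cat/indices?format=json` output.
SAMPLE = json.dumps([
    {"index": ".kibana_1", "status": "open", "docs.count": "12"},
    {"index": "customers-2020", "status": "open", "docs.count": "180233"},
    {"index": "4k1xq9z7ab-meow", "status": "open", "docs.count": "0"},
    {"index": "93817465-meow", "status": "open", "docs.count": "0"},
    {"index": "archive-2019", "status": "close", "docs.count": None},
])


def triage(cat_indices_json):
    """Sort indexes into meow-marked and surviving user data, then give a verdict."""
    marked, surviving = [], []
    for row in json.loads(cat_indices_json):
        name = row.get("index", "")
        docs = int(row.get("docs.count") or 0)  # closed indexes report null
        if MEOW_NAME.match(name):
            marked.append(name)
        elif not name.startswith(".") and docs > 0:
            # Dot-prefixed names are system indexes; they do not count as
            # surviving business data.
            surviving.append(name)
    if not marked:
        verdict = "clean"
    elif surviving:
        verdict = "partial"  # marker present, some user data still there
    else:
        verdict = "wiped"    # marker present, no populated user index left
    return {"verdict": verdict,
            "marked": sorted(marked),
            "surviving": sorted(surviving)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

A "partial" or "wiped" verdict is the cue to restore from backup and to close the exposure (firewall, authentication, encrypted transport) before bringing the cluster back.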
While the Meow database attack has only recently been discovered by Comparitech head researcher Bob Diachenko, it has already affected thousands of databases. Victims include VPN provider UFO VPN, Zimbabwe’s leading online payment platform Paynow, and even Argentina’s Ministry of Public Health.[1]
The motive behind these Meow attacks and where they are originating from have not been identified. Allegedly, the attacks are going through a VPN IP address provided by ProtonVPN to hide their origin. ProtonVPN said it would be reviewing the suspicious activity to identify and block malicious users.[2] As for motive, that remains unclear. However, some cybersecurity professionals are suggesting the Meow database attacks may be an example of vigilante action trying to highlight vulnerabilities that affect the safety of people’s data.
“They could be the work of a vigilante trying to give administrators a hard lesson in security by raining destruction on unsecured data.” – Ionut Ilascu, Bleeping Computer [3]
At LightWave Networks, security is a top priority. We offer colocation services at our Boston colocation facility and Dallas data center. We also offer remote backup services, disaster recovery planning, IP transit services, dedicated servers in Boston and Dallas, managed networking, and more. To learn more about our top-notch IT services and cybersecurity practices, contact us or call 844.722.COLO today!