Publicly accessible, inadequately protected Elasticsearch and MongoDB databases have been targeted by Meow attacks that remove all records. There is no notification and no ransom demand. The attackers just leave a "meow" signature in the server log data. The attacks target unsecured Elasticsearch and MongoDB databases, which may mean databases that are not protected by a firewall and are open to the public. There may also be instances whose communications are not encrypted with SSL. The Meow bot appears to exist solely to delete databases that are publicly accessible, that is, exposed online without any restrictions on access.
A simple search by BleepingComputer on the IoT search engine Shodan initially found hundreds of databases affected by the attack. The number of wiped databases recently rose to more than 1,800. Such attacks force researchers into a race to locate exposed databases and report them safely before they are meowed.
One of the first widely publicized Meow attacks involved the Elasticsearch databases of a VPN provider that appear to have no logs. However, the owner did not receive a well-intended email the second time. The databases were then meowed, and almost all records were deleted. At the time of writing, BleepingComputer saw that "meow" attacks primarily affected Elasticsearch databases (1,395), followed by MongoDB (383) and Redis (54). Elasticsearch and MongoDB account for over 97 percent of them.
Security analyst Bob Diachenko has acknowledged that the Elasticsearch attack happened on July 20, 2020. He also noticed that there were no ransom demands or alerts of any kind. The attack was designed specifically to delete all records. Attacks like this are normally automated: a bot script targets a site by looking for known vulnerabilities, including unsecured ports and insecure files. The procedure is similar to a criminal walking down a street and testing car door handles to find one that is unlocked. The Meow attack is an automated attack of this kind, aimed at databases.
Someone posted screenshots on Twitter of a log file from an attack on a MongoDB database. They showed that the attack reached that server through a VPN IP address, masking its true origin. The VPN provider ProtonVPN replied via Twitter, promising to monitor the behavior and block malicious users who breach its terms and conditions.
Here are seven best ways to secure databases like MongoDB and Elasticsearch.
Tracking such leaks quickly enough is becoming a challenge, because these attacks reduce the time available to investigate and report an exposure. Whoever is behind the "meow" attacks will probably continue to threaten unsecured databases and destroy their contents. Administrators should expose only what needs to be exposed and make sure those assets are properly protected.
In Elasticsearch Service on Elastic Cloud, security is enabled for cloud users by default and cannot be disabled. Elastic Cloud customers are therefore not vulnerable to the problems exploited in the Meow bot attacks. Another free way to prevent such incidents is to set up external scanning systems that track exposed databases on a continuous basis.
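One way to run the continuous external check described above against Elasticsearch endpoints you operate yourself, as an added example that is not part of the original article. The verdict names, the `OWN_HOSTS` inventory and the use of the `cluster_name` field in the Elasticsearch root response as the marker are assumptions of this example.

```python
"""Check Elasticsearch endpoints you operate for unauthenticated access."""
import http.client
import json
import urllib.error
import urllib.request

# Connect directly; ignore any proxy configured in the environment.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def classify(status, body):
    """Map the answer to a credential-free GET / onto a verdict."""
    if status in (401, 403):
        return "auth-required"
    if status != 200:
        return "unknown"
    try:
        info = json.loads(body)
    except ValueError:  # not JSON, so not an Elasticsearch root document
        return "not-elasticsearch"
    if isinstance(info, dict) and "cluster_name" in info:
        return "OPEN"  # cluster metadata handed out without credentials
    return "not-elasticsearch"


def probe(host, port=9200, timeout=3.0):
    """Send one unauthenticated request and classify the response."""
    url = f"http://{host}:{port}/"
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(65536))
    except urllib.error.HTTPError as err:  # 4xx/5xx are raised, not returned
        return classify(err.code, b"")
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return "unreachable"  # closed, filtered, or TLS-only listener


def audit(inventory):
    """Return {"host:port": verdict} for each endpoint in the inventory."""
    return {f"{h}:{p}": probe(h, p) for h, p in inventory}


if __name__ == "__main__":
    # Constructed inventory: list only addresses you are responsible for.
    OWN_HOSTS = [("127.0.0.1", 9200)]
    for endpoint, verdict in audit(OWN_HOSTS).items():
        print(f"{endpoint}: {verdict}")
```

Run it on a schedule from a network position outside your perimeter and alert on any `OPEN` verdict, since that endpoint answers anyone who connects.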