Cute, but no less cat-astrophic than any cyberattack that could lead to legal penalties and reputational damage.
A new cyberattack has been making its rounds, and it was not perpetrated by a cat. One would have thought otherwise, because databases that were attacked had the word “meow” overwriting the data.
The attack appears to be an automated script that destroys or rewrites data, with no ransom note or further signs of contact by the hacker. Now dubbed the “meow” attack, the automated attack randomly targets dozens of unsecured databases that are exposed on the public web. These attacks have triggered a race by the researchers to track down the exposed databases before they get exploited.
Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group said: “Suddenly, impacted users are forced to frantically check that they haven’t reused passwords on various other services. They will also need to contact their bank or other authorities to avoid financial problems or personal data theft. Services, too, will be impacted. The victim organization’s reputation might take a hit, and they will need to expend time and resources to bring everything back into order. In some countries, they may be prosecuted for a breach of data privacy protection or other similar regulations.”
The Meow attack, however, is a game changer, said Cipot. “We’re seeing organizations rushing to identify and secure exposed databases—a much-needed and long-overdue step for many firms. It’s alarming that by running a single Shodan search, we’re able to see just how many unsecured devices and services are out there—all of which are potential attack vectors.”
While no one has yet confirmed the attacker’s motivations, or whether the data had already been exfiltrated prior to destruction, there is the potential that the attacker is not abusing the user data prior to its deletion. “If that is in fact the case, Meow attacks could actually be safeguarding users from more financially-driven malicious attackers,” he said.
“Either way, the key takeaway here is that researchers need to identify unsecured MongoDB and ElasticSearch databases and secure them to avoid being ‘meowed.’”
