Meow Attack

A new attack that searches for unsecured databases and deletes the data without explanation has been found by researchers. This attack, dubbed “Meow,” due to the fact that the attacker renames databases, tables and indices by appending “-meow” to the end of the original names, was verified by BleepingComputer with the use of the Shodan search engine. It appears to have affected dozens of databases in the last few days. Many of the exposed databases had been responsibly reported to the database owners earlier by volunteer researchers, but if they were not secured immediately, the databases were destroyed—sometimes mere hours after the owners were contacted. The most recent attack was against a VPN provider that claimed to not keep any logs but had an unsecured Elastisearch database with user activity. Their database was “meowed” with all records of the database wiped. The researcher, Bob Diachenko, told BleepingComputer that there are not many details about the attacker or their intentions–simply that it appears to be an automated script that “overwrites or destroys the data completely.” It is theorized that the attacker could be a vigilante trying to give administrators a lesson on securing databases by destroying unsecured ones. Currently, the attacks appear to be directed at the Elasticsearch and MongoDB platforms.