- Meow Attacks MongoDB and Elasticsearch
- Meow Attack wiped data of 4000+ Databases
What is a Meow bot?
Meow bot is an automated attack that destroys databases left open to the internet. It targets databases exposed online without any access controls. It is called Meow because the attack script overwrites the database indexes with random strings and appends the word "meow" to the end of every index name. This effectively wipes the data from the database, as seen with Elasticsearch and MongoDB.
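Because the attack leaves no ransom note, the renamed indexes are often the only trace a defender will see. The following added example (not code from the original article or from any researcher it quotes) parses a constructed Elasticsearch `_cat/indices` listing and flags index names carrying the "meow" suffix; the exact naming pattern (random alphanumerics, optional hyphen, then "meow") is an assumption made for this illustration, as is the sample listing itself.

```python
import re
from typing import Iterable, List

# Assumed signature of a "meowed" index: a run of random alphanumerics,
# optionally a hyphen, then the token "meow" at the very end of the name.
MEOW_PATTERN = re.compile(r"^[0-9a-z]+-?meow$", re.IGNORECASE)

# Constructed sample of Elasticsearch `_cat/indices` output. Default columns:
# health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
SAMPLE_CAT_INDICES = """\
green  open users          a1Bc2dEfGhIjKlMnOpQrSt 1 0 1204 0 2.1mb 2.1mb
yellow open orders-2020.07 bCdEfGhIjKlMnOpQrStUvW 1 1  879 0 1.4mb 1.4mb
yellow open gpqufhlu-meow  cDeFgHiJkLmNoPqRsTuVwX 1 1    0 0  208b  208b
yellow open a1b2c3d4meow   dEfGhIjKlMnOpQrStUvWxY 1 1    0 0  208b  208b
green  open meowcat_logs   eFgHiJkLmNoPqRsTuVwXyZ 1 0   55 0  90kb  90kb
"""


def parse_cat_indices(text: str) -> List[str]:
    """Extract index names (third column) from `_cat/indices` output.

    A header row produced by `?v` starts with the word "health" and is skipped.
    """
    names = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] != "health":
            names.append(parts[2])
    return names


def is_meowed(name: str) -> bool:
    """True if an index/collection name matches the assumed meow signature.

    Names that merely contain "meow" elsewhere (e.g. "meowcat_logs") do not
    match, which keeps legitimate names from raising false alarms.
    """
    return bool(MEOW_PATTERN.match(name))


def find_meowed(names: Iterable[str]) -> List[str]:
    """Return the subset of names that look like wiped-and-renamed indexes."""
    return [n for n in names if is_meowed(n)]


def assess_listing(text: str) -> dict:
    """Summarize a listing: total indexes, the meowed ones, and an alert flag.

    A single meowed index is treated as an incident, because the original
    data behind that name has already been destroyed.
    """
    names = parse_cat_indices(text)
    hits = find_meowed(names)
    return {"total": len(names), "meowed": hits, "alert": bool(hits)}


if __name__ == "__main__":
    report = assess_listing(SAMPLE_CAT_INDICES)
    print(f"{report['total']} indexes, {len(report['meowed'])} meowed: {report['meowed']}")
```

In practice the listing would come from a scheduled call to the cluster's own `_cat/indices` endpoint (or `listCollections` on MongoDB), and a positive result should page someone: by the time the suffix appears, recovery means restoring from backup, not repairing the index.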
Meow attack wiped MongoDB and Elasticsearch databases
Databases being "meowed" is a new threat that researchers only spotted in recent days. A simple search on Shodan, the IoT search engine popular with security researchers, initially found hundreds of databases affected by the attack. Recently, the Meow attack has wiped data from more than 4000 databases. Such attacks force researchers into a race to locate exposed databases and report them to their owners before they get hit.
One of the first widely publicized Meow attacks hit a VPN provider that had reportedly left an Elasticsearch database of logs exposed. The owner did not receive a well-intended notification email the second time; the database was meowed and almost all records were deleted. It was one of seven others whose databases were meowed.
Security analyst Bob Diachenko says "It is quite fast", and that the Meow attack can search and destroy new clusters "pretty effectively."
Meow Cyber Attack wiped data of 4000+ Databases
The Meow attack seems to exist solely to delete "unsecured databases" that are accessible from the public internet. Elasticsearch and MongoDB databases were the prime targets. Both are widely used, and in these cases neither was fully protected. The attack removed all records from the affected databases. There is no notification and no ransom demand from the attacker; they just leave a "meow" signature in the server log data. Experts say databases that are not behind a firewall and are open to the public are prone to frequent Meow attacks, and devices that do not encrypt their communications with SSL are easy prey.
In late July 2020, BleepingComputer observed that "meow" attacks had primarily affected 1800 databases: Elasticsearch (1,395), followed by MongoDB (383) and Redis (54). Elasticsearch and MongoDB together make up over 97 percent of them. At the time of writing this article, the Meow attack has wiped data from more than 4000 databases.
Meow Bot – An Automated Attack Script
Bob Diachenko, cyber threat specialist at Security Discovery, has confirmed that the Elasticsearch attack happened on July 20, 2020. He also says there were no ransom demands or alerts from the attacker; it was an attack run specifically to delete all records. Hacking attacks like this are normally automated: a bot script targets a site by looking for known weaknesses, including unsecured ports and insecure files, much like a criminal walking down a street testing car door handles. The Meow attack is an automated bot script aimed at databases, too.
ProtonVPN Clearly Detected Meow Attacks
Someone posted screenshots on Twitter of a MongoDB database attack recorded in a log file. They showed the attacks coming through a VPN IP address on that server to mask the true origin of the attack. ProtonVPN replied via Twitter, promising to monitor the behavior and block malicious users who breach its terms and conditions.
Eight effective ways to secure databases like MongoDB and Elasticsearch
- Identify critical data: Analyze and determine which information is essential to secure. Understanding the logic and architecture of the database is a must; it makes it easier to decide where and how sensitive data will be stored.
- Encrypt information (TLS/SSL): Once sensitive and confidential data is identified, encrypt it with robust algorithms. Configure TLS/SSL to encrypt communication between all database components and connected applications.
- Control access: Limit network exposure. Allow access only from whitelisted IP addresses that require access to the database.
- Enable RBAC: Set up role-based access control for each user and application. The more we limit permissions and rights, the better we can protect the databases. Review user access and rotate passwords and keys periodically.
- Anonymization: Produce a duplicate of the original data that retains the same structure. This is known as anonymization; it changes the confidential data in such a way that it remains secure.
- Monitor database activity: Use database activity monitoring (DAM) software to monitor data actively. A full transaction history helps in understanding trends in data access and alteration, preventing leakage of information, spotting fraudulent changes and detecting suspicious activity in real time.
- Database updates: Regular updates to the latest version reduce the risk of cyber attacks.
- External scanning systems: Set up external scanning systems to track exposed databases on a regular basis.
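The "control access", "enable RBAC" and "encrypt information" points above map directly onto a handful of server settings. The following added example (not from the original article, and not a tool from MongoDB or Elastic) audits a mongod.conf and an elasticsearch.yml, each expressed as a Python dict, and reports the weak settings side by side with a hardened configuration. The option names are the real configuration keys of each product; the values, the host addresses and the file path are constructed for this illustration, and the audit conservatively treats a missing setting as disabled (Elasticsearch 8 turns security on by default, so on that version an absent key is safe, which is an assumption this check deliberately does not rely on).

```python
from typing import Any, Dict, List

# Constructed mongod.conf contents as nested dicts. The keys are the real
# mongod.conf option names; the values are examples, not a real deployment.
WEAK_MONGOD_CONF: Dict[str, Any] = {
    "net": {"port": 27017, "bindIp": "0.0.0.0"},
    # no "security" section: authorization is off, anyone on the network can write
}

HARDENED_MONGOD_CONF: Dict[str, Any] = {
    "net": {
        "port": 27017,
        "bindIp": "127.0.0.1,10.0.1.5",          # loopback plus one trusted app host (assumed)
        "tls": {"mode": "requireTLS", "certificateKeyFile": "/etc/ssl/mongod.pem"},  # path assumed
    },
    "security": {"authorization": "enabled"},      # every client must authenticate; roles apply
}

# Constructed elasticsearch.yml contents, using the flat dotted keys the file accepts.
WEAK_ES_CONF: Dict[str, Any] = {"network.host": "0.0.0.0", "http.port": 9200}

HARDENED_ES_CONF: Dict[str, Any] = {
    "network.host": "10.0.1.6",                    # one internal address (assumed)
    "xpack.security.enabled": True,
    "xpack.security.http.ssl.enabled": True,
    "xpack.security.transport.ssl.enabled": True,
}

ALL_INTERFACES = {"0.0.0.0", "::", "*", "_global_"}


def _get(conf: Dict[str, Any], path: str, default: Any = None) -> Any:
    """Look up a dotted key, whether stored flat ("a.b") or nested ({"a": {"b": ...}})."""
    if path in conf:
        return conf[path]
    cur: Any = conf
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def audit_mongod(conf: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for a mongod configuration (empty list = clean)."""
    findings = []
    bind_ip = str(_get(conf, "net.bindIp", "127.0.0.1"))   # mongod's own default is localhost
    addrs = {a.strip() for a in bind_ip.split(",")}
    if addrs & ALL_INTERFACES or _get(conf, "net.bindIpAll") is True:
        findings.append("net.bindIp: listens on every interface; restrict to trusted addresses")
    if _get(conf, "security.authorization", "disabled") != "enabled":
        findings.append("security.authorization: not enabled; clients need no credentials to read or drop data")
    if _get(conf, "net.tls.mode") != "requireTLS":
        findings.append("net.tls.mode: TLS not required; traffic can be read or altered in transit")
    return findings


def audit_elasticsearch(conf: Dict[str, Any]) -> List[str]:
    """Return findings for an Elasticsearch node configuration (empty list = clean)."""
    findings = []
    host = str(_get(conf, "network.host", "127.0.0.1"))    # Elasticsearch also defaults to loopback
    if host in ALL_INTERFACES:
        findings.append("network.host: bound to every interface; the REST API is reachable by anyone who can route to it")
    if _get(conf, "xpack.security.enabled") is not True:
        findings.append("xpack.security.enabled: not set to true; no authentication or role checks on requests")
    if _get(conf, "xpack.security.http.ssl.enabled") is not True:
        findings.append("xpack.security.http.ssl.enabled: HTTP API served in plaintext")
    return findings


def audit_all(mongod: Dict[str, Any], es: Dict[str, Any]) -> Dict[str, List[str]]:
    """Audit both products at once and return findings keyed by product."""
    return {"mongod": audit_mongod(mongod), "elasticsearch": audit_elasticsearch(es)}


if __name__ == "__main__":
    for label, confs in (("weak", (WEAK_MONGOD_CONF, WEAK_ES_CONF)),
                         ("hardened", (HARDENED_MONGOD_CONF, HARDENED_ES_CONF))):
        for product, findings in audit_all(*confs).items():
            print(f"[{label}] {product}: {findings or 'no findings'}")
```

Binding to a single internal address, requiring authentication and forcing TLS closes off exactly the conditions the article describes: a listener on a public interface with no credentials required, which is what the automated script looks for. A firewall or cloud security group in front of the port is still worth adding, since a configuration file can be edited back.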
Attacks on unsecured public databases are frequent. In the case of Meow, the malware deleted the database indexes and inserted random strings followed by the word "meow".
Continuous attacks on tech giants' data assets show that enterprises need to become more aware of the need to protect sensitive databases. Database administrators need to protect the data and records stored on their public databases and restrict access by unauthorised users, especially over unsecured public cloud storage servers.