It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databases – and a data-wiping bot

2020-07-24 21:18

Poorly secured databases are being wiped and vandalized by the thousands in a seemingly automated attack.

The nuked databases were left facing the internet by their administrators so that anyone can read and write them, access that malicious software dubbed the Meow bot took advantage of to wreck the information silos.

Crucially, Diachenko noticed the silo was then wiped by a miscreant, who replaced databases with random strings and the word "Meow" appended.

In each case, the targets were databases that had been left exposed without any password or authentication protection.

"We are dealing with an automated script here which targets noSQL databases, such MongoDB and Elasticsearch. From the logs in MongoDB, we can see it drops databases first then creates new ones with $randomstring-meow," Diachenko told The Register.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/07/24/meow_database_attack/

#BOT #database