The modern world of hacking and cyber-crime is ruled by profit-seeking criminals and covert actors. Roughly two decades ago, however, it was the province of lone rogue hackers spreading viruses with no expectation of material gain. Sometimes it was a juvenile prank; at other times, people were looking to make a name for themselves or even engaging in some activism. Of late, a new type of cyber-attack called “Meow” has emerged, which is a throwback to those seemingly more innocent times. Meow attacks seek out exposed databases and simply wipe them out without any preamble or afterword.
The hackers behind these attacks leave no calling card and seemingly want nothing from these attacks. It is unclear what the purpose is, but such an attack may sometimes actually be preferable to a data breach.
What are “meow attacks”?
The Meow bot appears to exist purely to destroy databases that are left open and exposed online without any security access controls. The Meow attack is so named because the automated attack script overwrites database indexes with random numerical strings and leaves “meow” appended.
The new cyber-attack appears to be a bot that seeks out and destroys exposed databases running Elasticsearch, Redis or MongoDB software. The name comes from the bot writing the word “meow” repeatedly into each database index that it finds. The bot overwrites all of the data, effectively destroying the contents of the database.
The bot appears to only target databases that do not have security access controls enabled. It was discovered by Comparitech head researcher Bob Diachenko, who characterized it as being fast and effective in seeking out new targets that have failed to secure access properly. The first database to be destroyed was that of UFO VPN, which had recently been in the news for an unrelated breach that exposed all sorts of sensitive customer information, including plain text passwords and VPN session tokens. The Meow cyber-attack wiped out the service after it was moved to yet another exposed database following the original breach.
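The marker described above gives defenders something to look for. The following is an added example, not code from the researchers or vendors named in this article: it reads the JSON returned by Elasticsearch's `_cat/indices?format=json` endpoint and reports which indices carry the marker and which survived. The sample listing is constructed, and the exact name pattern (an alphanumeric run, an optional hyphen, then “meow”) is an assumption, since the article only says that “meow” is appended.

```python
import json
import re

# Assumption: a marked index is an alphanumeric run followed by "meow",
# optionally joined by a hyphen. The article only says "meow" is appended.
MEOW_NAME = re.compile(r"^[0-9a-z]+-?meow$")


def assess(cat_indices_json):
    """Summarise a _cat/indices?format=json reply for signs of a Meow wipe."""
    rows = json.loads(cat_indices_json)
    names = [row.get("index", "") for row in rows]
    # Names starting with "." are Elasticsearch-internal; leave them out.
    user = [n for n in names if n and not n.startswith(".")]
    flagged = sorted(n for n in user if MEOW_NAME.match(n))
    survivors = sorted(n for n in user if not MEOW_NAME.match(n))
    return {
        "flagged": flagged,
        "survivors": survivors,
        # True only when every user index carries the marker.
        "fully_wiped": bool(flagged) and not survivors,
    }


# Constructed sample listing (not taken from any real incident).
SAMPLE = json.dumps([
    {"index": "4821907365-meow", "docs.count": "1", "store.size": "4.1kb"},
    {"index": "7730192846-meow", "docs.count": "1", "store.size": "4.1kb"},
    {"index": "bookings-2020.08", "docs.count": "182344", "store.size": "1gb"},
    {"index": ".kibana", "docs.count": "12", "store.size": "40kb"},
])

if __name__ == "__main__":
    report = assess(SAMPLE)
    print("marked indices :", report["flagged"])
    print("surviving      :", report["survivors"])
    print("fully wiped    :", report["fully_wiped"])
```

Any marked index means the cluster was reachable without authentication, so the access controls need fixing before data is restored.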
More than 4000 databases deleted
A search on Shodan shows that Meow attacks have escalated in recent months, with almost 4,000 databases falling victim to them. While more than 97% of the attacks hit Elasticsearch and MongoDB instances, systems running Cassandra, CouchDB, Redis, Hadoop, Jenkins, and Apache ZooKeeper have also been targeted, writes Bleeping Computer.
RailYatri’s exposed data deleted by “Meow Attacks”
Around 43GB of customer and corporate data belonging to RailYatri, the company behind one of India’s most popular travel booking sites, was exposed before it was deleted by the infamous “Meow” attacker. A team at SafetyDetectives discovered an Elasticsearch server without password protection or encryption on August 10. However, that was too late to save most of the information stored there as the Meow bot struck on August 12 and deleted all but 1GB of data.