Over 1,000 insecure databases have been completely erased, and the attackers leave no trace except the word “meow.”
Since then, Meow and a similar attack have destroyed more than 1,000 other databases. At the time this post went live, the Shodan computer search site showed that 987 ElasticSearch and 70 MongoDB instances had been nuked by Meow. A separate, less-malicious attack tagged an additional 616 ElasticSearch, MongoDB, and Cassandra files with the string “university_cybersec_experiment.” The attackers in this case seem to be demonstrating to the database maintainers that the files are vulnerable to being viewed or deleted.
Better erased than breached, right?
Check It Out: Sorry, Catnip Won’t Protect You Against the Meow Attack
I have to wonder: is all this the work of one lone feline, or did one cat start meow-ing publicly accessible data and out pounced the copy-cats?