iTnews

New Meow bot attacks open ElasticSearch instances

By Juha Saarinen on Jul 22, 2020 8:06AM
New Meow bot attacks open ElasticSearch instances

Hundreds of open instances at risk.

A new automated malware is currently scanning for internet-connected ElasticSearch databases without access controls and overwriting the content in them, an independent security researcher has warned.

Bob Diachenko, who specialises in data breach research, had been looking into virtual network providers leaking log files when he discovered that in one such case, the Meow bot had overwritten information stored in an open ElasticSearch instance.

Unlike past attacks on open databases with ransomware that would encrypt files, the new bot simply destroys indexes by inserting random characters followed by "meow".

"It started a couple of days ago, and is now spreading fast," Diachenko told iTnews.

"No ransom, no threats, just destruction of clusters," Diachenko added.

In some cases however, the Meow bot does not destroy database indices, he said.

Diachenko said that there is currently no indication as to who is behind the Meow bot, or where it originated from.

In 2017, tens of thousands of MongoDB and ElasticSearch instances were attacked by a threat actor using the moniker Krakeno, causing widespread loss of data.

A Shodan.io scan by Diachenko showed over 500 open ElasticSearch instances worldwide, hosted on Amazon Web Services, Microsoft Azure, Google Cloud, Digital Ocean and OVH SAS.

Of the open ElasticSearch instances, five were hosted in Australia.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bob diachenkocloudelasticsearchmeowmongodbsecurity

Partner Content

Don't miss Australia’s premiere IoT Conference on 9th June
Promoted Content Don't miss Australia’s premiere IoT Conference on 9th June
5 essential digital transformation ideas
Promoted Content 5 essential digital transformation ideas
Alienated from your own data? You’re not alone
Promoted Content Alienated from your own data? You’re not alone
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Juha Saarinen
Jul 22 2020
8:06AM
0 Comments

Related Articles

  • Azure misconfiguration exposed ISOC members' info
  • RBA pushes first IaaS workload into Azure
  • 5 essential digital transformation ideas
  • Oracle accredited 'certified strategic' gov cloud provider
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'

Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS

NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.