3

Recently, there have been some news articles about unsolicited attacks on unsecured public-facing Elastic and Mongo databases. These are commonly being called "Meow" attacks, resulting in entire databases being deleted without ransom or warning.

My question is:

  • What is the nature of the attack (How is the database being targeted and/or exploited, and what is the impact of the attack? Is it just database deletion or is the server itself also compromised?)
  • How can someone confirm they are at risk (their database is unsecured and public facing, i.e. are there default ports and/or credentials?)
  • If someone has an exposed database, what steps can they take to protect it?
MDMoore313
  • I think that while your very first question is answerable, the rest aren't really. It may not be clear yet if meow is compromising the servers in other ways, although it doesn't seem like it is. How can you confirm it is unsecured and public facing? By checking to see if it is insecure and public facing. A more detailed answer could be given for specific technologies, but in general that question pretty much is its only answer. If you have an exposed database, how do you protect it? By making sure it is no longer exposed. – Conor Mancone Jul 28 '20 at 18:23
  • @ConorMancone `A more detailed answer could be given for specific technologies...` I listed specific technologies in my question, what I know to be the technologies specifically being targeted. The goal is to get some facts established to help people searching for fixing this on the internet. I agree there is a subset of us who can do without it, but recent events show there are a large number of people who aren't sure how to protect their databases. – MDMoore313 Jul 28 '20 at 20:03

0 Answers