The number of databases and companies affected by the still-mysterious “meow” attacks has reached more than 25,000.
As of Tuesday, Shodan search results for meow indices show 13,571 hacked databases in Elasticsearch and 7,566 MongoDBs. The remaining results are divided between systems running other database software such as Jenkins, Cassandra and more.
And according to Bob Diachenko, the cyber threat intelligence director for Security Discovery who observed the first “meow” attack last month, the number grows every day. “Meow attacks are still here, and I don't see any sign of them slowing down,” Diachenko said in an email to SearchSecurity.
The Shadowserver Foundation, a nonprofit infosec organization, said its scans show the number of affected MongoDB instances has fluctuated in recent days between approximately 5,300 and 7,400 databases. A Shadowserver spokesperson said the organization had previously observed more than 8,000 MongoDB instances wiped by meow attacks but the number has declined, most likely because victims have cleaned up their databases.
The vast majority of meow attacks have affected Elastic and MongoDB customers, though both vendors said previously that they believe the attacks have only affected misconfigured databases that were accidentally exposed to the public internet with no password protection or access controls.
While the attacks are on the rise, Shadowserver’s reports for open MongoDB instances indicate that there has been no real change in the number of exposures over the last month; the media coverage of the attacks and vendor-issued alerts don't appear to have spurred organizations to review their security configurations and lock down their databases.
It is unclear what kinds of organizations have been affected by the meow attacks, or what the threat actors’ aim is. “We do not have additional insight into the motive,” the Shadowserver spokesperson said via email. “The vast majority of databases are hosted at various cloud providers (China, US), [but] we have not looked into who they actually belong to.”
Diachenko earlier this month revealed that Adit, a software vendor that specializes in healthcare and dental patient management, had suffered an attack that wiped out an Elasticsearch database with personal data for more than 3 million patients.
“[NEW REPORT] 3.1 million patients’ data exposed by a healthcare software company, ES cluster was ‘meow-ed’ and all data destroyed,” he wrote on Twitter.
Diachenko discovered the unsecured database on July 13. “The database contains patient names, email addresses, phone numbers, and the practices where patients receive treatment. It was exposed on the internet without a password or any other authentication required to access it,” Diachenko wrote in the report. “The data was exposed for at least 10 days before the meow bot destroyed it.”