Over 1000 unsecured databases have been completely wiped out and attackers leave no trace except for the word “meow”.
Since then, Meow and a similar attack have destroyed over 1,000 other databases. At the time this post went live, computer research site Shodan showed that 987 ElasticSearch instances and 70 MongoDB instances had been bombarded by Meow. A separate, less malicious attack tagged 616 additional ElasticSearch, MongoDB, and Cassandra files with the string “university_cybersec_experiment”. Attackers in this case appear to demonstrate to database maintainers that the files are vulnerable to viewing or deletion.
Better to erase than to violate, right?
Check it out: Sorry Catnip Won’t Protect You Against Meow’s Attack