One fine morning, Western Digital (WD) My Book Live NAS owners woke up to erased data. Petabytes of data were wiped from the platform in almost no time. Meow attacks are those in which hackers nuke unsecured databases to delete files. They were quite a rare occurrence in 2020. Has WD become a victim of one of those attacks?
Making the headlines
A mysterious group frantically issued a factory reset command that wiped all the files belonging to My Book Live and My Book Live Duo users, locking them out of their devices.
Initially, experts pointed to an unaddressed vulnerability from 2018, tracked as CVE-2018-18472, suggesting it was the root cause behind the successful intrusion.
Further investigation into the matter revealed that criminals exploited a zero-day, now being tracked as CVE-2021-35941, to delete data.
According to WD, the vulnerability was introduced in 2011, a year after the drives were introduced.
While the first vulnerability gave actors root access, the other one could turn some of the devices into a botnet.
Researchers’ dilemma
Researchers have confirmed that hackers exploited both flaws in the wild. But they couldn’t understand:
Why did hackers turn My Book Live devices into a botnet, then wipe and reset everything?
Why was a user authentication bypass needed when they already had root access?
Experts opined that the mass wipe and reset was probably performed by different cybercriminal groups, which could be rivals.
If the theory holds true, this incident stands out as an exception among Meow attacks.
As of now, more details on the incidents are awaited.
One more victim and unsecured databases
In a similar incident last week, the entire database for personal newsreader website NewsBlur was wiped out, knocking its network offline.
Data-wiping threats, aka Meow attacks, have returned after a hiatus of about a year. Leaving identified flaws unpatched for months or years is a sign of organizations’ lax approach toward data security. The device maker, meanwhile, has advised users to immediately disconnect their devices from the internet.