Researchers at Aquasec have found cybercriminals targeting unsecured Jupyter notebooks in the new Meow attack campaign. In fact, the automated 'meow' attack is currently targeting hundreds of publicly accessible databases on the web.
What’s the new update?
According to researchers, the attackers accessed a misconfigured Jupyter Notebook instance to run their code, hopefully, found using a Shodan search.
- While the infrastructure of the attackers is still under investigation, a total of 1,283 distinct IP addresses have been targeted by them.
- Attackers reportedly initiated a dash shell to gather information about victims such as their user ID, processor type, architecture, and operating system name and release.
- Next, the attackers downloaded a malicious script from a shared file server and executed it on the notebook after installing the necessary Python packages.
Other findings
- Interestingly, the attackers used Python scripts to target databases, maintaining an unusual modus operandi.
- A script named ‘foo’ was found across 1,354 IP addresses targeting databases utilizing Elasticsearch and MongoDB.
- AquaSec’s researchers also captured a script named ‘bar’ targeting unsecured Hadoop clusters.
Meow attacks not be taken lightly
As these attacks are automated and leverage known vulnerabilities to target unsecured internet-facing databases, they can cause a global menace and serious damage to the companies.
For instance, in 2021, Western Digital fell prey to Meow attacks that erased around petabytes of data. Millions of data belonging to a famous cosmetic brand Yves Rocher were wiped out by Meow attackers. These criminals have wiped out data from over 4,000 databases, including Cassandra, CouchDB, Redis, Hadoop, Jenkins, and Apache ZooKeeper.
Conclusion
Meow attacks are back in the news after a gap of over one year, hunting down new targets. Databases at organizations must be scrutinized to identify any security gaps, on a regular interval. Moreover, implement MFA across the devices that store confidential data of your organization.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/6e0b_shutterstock_418940485.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_533371321.jpg)
