Meow: the attack wiping data from unprotected Elasticsearch and MongoDB databases

Meow is an attack that keeps gaining momentum: for several days now there have been reports that unidentified attackers are wiping the data of publicly reachable, unprotected Elasticsearch and MongoDB instances.

In addition, wipes have also been recorded (around 3% of all affected databases) against unprotected databases built on Apache Cassandra, CouchDB, Redis, Hadoop and Apache ZooKeeper.

About Meow

The attack is carried out by a bot that enumerates the characteristic DBMS ports. Analysis of an attack against a honeypot server showed that the bot connects through ProtonVPN, so the source addresses seen in logs are VPN exit nodes rather than the operator's own.

The root cause is exposing the database to the public Internet without proper authentication configured.

By mistake or neglect, the request handler is bound not to the loopback address 127.0.0.1 (localhost) but to all network interfaces, including external ones. In MongoDB this behaviour was aggravated by the configuration template shipped by default (releases from 3.6 on bind to localhost unless bindIp is widened), and in Elasticsearch before version 6.8 the free edition offered no access control at all.
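The following script is an added example, not code from the article or from any of the products it names. It performs the two checks a practitioner would run on a database host after reading the above: it parses `ss -ltn` output and flags database ports listening on a wildcard address (every interface), and it audits a mongod.conf or elasticsearch.yml for a wide bind combined with disabled authentication. The `ss` listing and the configuration files embedded in it are constructed samples; the port table assumes stock ports, the MongoDB defaults assume a 3.6 or later release, and a missing `xpack.security.enabled` is treated as disabled, which matches the 6.8 to 7.x defaults.

```python
"""Exposure check for the database ports that Meow-style bots enumerate.

Added example, not code from the article. Sample `ss -ltn` output and
config files below are constructed for the demonstration.
"""

# Stock TCP ports of the products named in the article (assumption:
# default ports; extend the table for non-default deployments).
DB_PORTS = {
    27017: "MongoDB",
    9200: "Elasticsearch HTTP",
    9300: "Elasticsearch transport",
    6379: "Redis",
    9042: "Cassandra CQL",
    5984: "CouchDB",
    2181: "ZooKeeper",
}

# Local-address forms that mean "every interface" (IPv4 and IPv6).
WILDCARD = {"0.0.0.0", "*", "::", "[::]"}
# Local-address forms that stay on the host itself.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]", "_local_"}


def parse_ss_listeners(ss_output):
    """Return [(address, port)] for each LISTEN row of `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or a non-listening row
        addr, _, port = fields[3].rpartition(":")  # "[::]:9200" -> "[::]", "9200"
        listeners.append((addr, int(port)))
    return listeners


def exposed_listeners(ss_output):
    """{port: product} for database ports bound to every interface."""
    return {port: DB_PORTS[port]
            for addr, port in parse_ss_listeners(ss_output)
            if port in DB_PORTS and addr in WILDCARD}


def parse_simple_yaml(text):
    """Parse the indented `key: value` subset that mongod.conf and
    elasticsearch.yml use (no lists, no quoting) into nested dicts."""
    root = {}
    stack = [(-1, root)]  # (indent level, container for that level)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        while indent <= stack[-1][0]:  # dedent: close nested mappings
            stack.pop()
        parent = stack[-1][1]
        if value == "":  # "net:" opens a nested mapping
            parent[key] = child = {}
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def flatten(cfg, prefix=""):
    """Turn nested dicts into dotted keys so `net:\n  bindIp:` and
    `net.bindIp:` are looked up the same way."""
    flat = {}
    for key, value in cfg.items():
        name = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        else:
            flat[name] = value
    return flat


def audit_mongod_conf(text):
    """Findings for a mongod.conf; an empty list means nothing flagged.
    Assumes MongoDB 3.6+ defaults: localhost bind, authorization off."""
    cfg = flatten(parse_simple_yaml(text))
    ips = {ip.strip() for ip in cfg.get("net.bindIp", "127.0.0.1").split(",")}
    findings = []
    if cfg.get("net.bindIpAll", "false").lower() == "true" or ips & WILDCARD:
        findings.append("net.bindIp listens on every interface")
    if cfg.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not enabled")
    return findings


def audit_elasticsearch_yml(text):
    """Findings for an elasticsearch.yml. Assumption: a missing
    xpack.security.enabled counts as disabled (6.8 to 7.x defaults)."""
    cfg = flatten(parse_simple_yaml(text))
    host = cfg.get("network.host", "_local_")
    findings = []
    if host not in LOOPBACK:  # 0.0.0.0, _site_, _global_, a NIC address ...
        findings.append(f"network.host={host} is reachable beyond loopback")
    if cfg.get("xpack.security.enabled", "false").lower() != "true":
        findings.append("xpack.security.enabled is not true")
    return findings


# Constructed samples: an `ss -ltn` listing plus weak and hardened configs.
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:27017       0.0.0.0:*
LISTEN 0      4096   [::]:9200           [::]:*
LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*
"""
MONGOD_EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\nstorage:\n  dbPath: /var/lib/mongodb\n"
MONGOD_HARDENED = "net:\n  bindIp: 127.0.0.1,10.0.0.5\nsecurity:\n  authorization: enabled\n"
ES_EXPOSED = "cluster.name: logs\nnetwork.host: 0.0.0.0\nhttp.port: 9200\nxpack.security.enabled: false\n"
ES_HARDENED = "network.host: 127.0.0.1\nxpack.security.enabled: true\n"

if __name__ == "__main__":
    print("wildcard DB listeners:", exposed_listeners(SS_SAMPLE))
    print("mongod.conf (exposed): ", audit_mongod_conf(MONGOD_EXPOSED))
    print("mongod.conf (hardened):", audit_mongod_conf(MONGOD_HARDENED))
    print("elasticsearch.yml (exposed): ", audit_elasticsearch_yml(ES_EXPOSED))
    print("elasticsearch.yml (hardened):", audit_elasticsearch_yml(ES_HARDENED))
```

On a real host, replace `SS_SAMPLE` with the output of `subprocess.run(["ss", "-ltn"], capture_output=True, text=True).stdout` and pass the contents of `/etc/mongod.conf` or `/etc/elasticsearch/elasticsearch.yml` to the audit functions. A wildcard listener is only a problem when nothing in front of it (firewall, security group, authentication) stops an Internet-wide scanner, so treat the findings as prompts to verify, not as proof of exposure.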

The case of the VPN provider «UFO», which exposed an 894 GB Elasticsearch database, is illustrative.

The provider presented itself as privacy-conscious and claimed to keep no logs. Contrary to that claim, the database held plaintext logs including IP addresses, session connection timestamps, user geolocation tags, details of each user's operating system and device, and a list of domains used to inject advertising into unencrypted HTTP traffic.

The logs also contained plaintext passwords and session keys, which would have allowed established sessions to be hijacked.

The VPN provider «UFO» was notified of the issue on 1 July, but the message went unanswered for two weeks; the request was sent to the provider again on 14 July, after which the database was secured on 15 July.

The company responded to the notification by moving the database elsewhere, but again failed to secure it properly. Shortly afterwards the Meow attack wiped it.

On 20 July this database reappeared publicly at another IP address. Within a few hours almost all of its records had been deleted. Analysis of the wipe showed it was linked to a malicious attack called Meow, named after the marker left in the database after the deletion.

"Once the exposed database was secured, it reappeared a second time on 20 July at a different IP address: all records destroyed by a new 'Meow' bot attack," Diachenko wrote on Twitter earlier this week.

Victor Gevers, chairman of the non-profit GDI Foundation, also observed the new attack. He reported that the actor was hitting MongoDB databases as well. The researcher noted on Thursday that whoever is behind the attack appears to be targeting any unsecured database reachable from the Internet.

A search using the Shodan service showed that many more servers have also been wiped. The number of wiped databases now approaches 4,000, more than 97% of which are Elasticsearch and MongoDB instances.

According to LeakIX, a project that indexes exposed services, Apache ZooKeeper was also targeted. A separate, harmless attack tagged 616 Elasticsearch, MongoDB and Cassandra databases with the string "university_cybersec_experiment".

The researchers suggest that in these attacks the perpetrators apparently wanted to show database administrators that their data was open to being read or deleted.

