These cyberattacks that erase databases
We are talking about "Meow" cyberattacks that are essentially directed against private companies.
Recently computer incidents have resulted in the loss of 4,000 unsecured databases. The information contained in these databases has been replaced by the word "meow" which gives meow in French, hence the nomenclature of the cyberattack. The attackers do not threaten the victims or demand ransom.
According to observers of this phenomenon, these cyberattacks seem to simply want to punish negligent companies in fact regarding the appropriate cybersecurity measures.
As noted above, thousands of information from more than 4,000 databases has been completely erased by virtual meows. Unfortunately, the companies affected by this incident have not been able to do anything about this problem other than the damage.
However, a computer security researcher had warned last week about the spread of this problem. This is after a security breach affecting the private virtual network provided by the Hong Kong company UFO VPN, which specializes in the subject. Bob Diachenko, the researcher so this is also very well known in the field for the discovery of several data breaches and leaks. As for the Hong Kong-based company, UFO VPN, it has been repeatedly singled out for leaking several apartment data to its open-access clients on the web.
Specifically, the data leak search engine, Shodan, notes that only 3,800 databases have been effectively affected by the Meow cyberattacks. "These attacks do not contain ransom demands or threats, only the word "meow" with a series of random numbers," Diachenko said. In other words, the attackers don't seem to be interested this time, by the lure of gain
"They are a different cyberattack than we have seen in recent months. Rather, it presents itself as a lesson, to show how easy it is to reach companies that neglect their IT security" stress McDermott's associate lawyer Will-Emery and cybersecurity specialist Romain Perray.
On this occasion, the punishment is severe if it really is. You can't call it as many experts think, a warning. Because the data that has been deleted seems to be definitive. Unfortunately, they may one day be able to recover. This means that companies must prepare for the financial consequences of these cyberattacks. Not to mention, too, the legal effects that could result, if the information suppresses there was some importance for the activities of the victim companies.
According to computer security expert Romain Perray, this action can be legitimized by the fact that companies that have been neglected for too long still respect their sum legation in the field of computer security. "We see that even when they adopt certain security measures, they are not sufficient and fall well short of the recommendations of the CNIL and ANSSI. Sometimes there are gaps at the most basic level, such as the robustness of passwords and their renewal," notes the latter. "We always think that computer attacks are in other people's homes. »
According to counsel, if the general opinion believes that it is the remote work measures deployed to meet the need for general containment, in the fight against CoVid-19 is one of the main causes that motivates the explosion of cyber-malleting acts, it should be emphasized that the particular negligence of companies regarding compliance with cybersecurity rules , is particularly harmful. Indeed, it is not uncommon for people to forget to simply protect access to sensitive information with good passwords.
It is safe to assume that the attackers behind these latest incidents are particularly seeking to expose these misbehaviour. In this case, it is clear that the databases that were targeted were in no way protected even by the most rudimentary measure of password. At this point the data was simply blown up to all kinds of malice.
At this time, these acts of cyber malice have not yet been claimed. Investigations that are ongoing have not been able, at least for the time being, to determine who is responsible. However, some cybersecurity experts hope that companies affected by these activities will change their manias. "We always think that computer attacks are in others," notes Romain Perray. "There always needs to be a minimum of protection, even on data that is not critical. ».
Now access an unlimited number of passwords: