MEOW attackers have disabled thousands of Elasticsearch dependent databases in the last month. The attack deletes all current indexes and writes new indexes with the suffix of "-meow", thereby disabling the database.
While nobody seems to know the purpose of the attacks since no demands for payment are connected to it, it seems to be targeted at Elasticsearch clusters that are exposed to the public.
A quick fix to protect yourself, particularly if Elasticsearch is part of a BAAS is to DISABLE HTTP in Elasticsearch configuration and to change the transport tcp port from 9300 to some other obscure port number, both in Elasticsearch and in any REST api front-end to your database.
This seems to remediate the problem in the short term. In the long term, moving to a managed cloud solution seems to be the proper course of action.
Hope this helps!
Top comments (0)