Polecat, a data analytics firm, has been affected by a data breach caused by a misconfigured server, which allowed threat actors to access more than 30 TB of information. According to its website, Polecat offers a combination of data analytics and human experience to help organizations around the world achieve successful management.
In late 2020, researchers at the security firm Wizcase detected a Polecat-linked Elasticsearch server that was exposing a large amount of information on the public Internet, without requiring authentication or being protected with encryption. The exposed records date back to 2007 and include details such as usernames, hashed passwords, billions of tweets and records from other social media platforms, blog posts, and websites.
The records collected by Polecat relate to all kinds of topics, including firearms, politics, racism and even the coronavirus and its consequences. Although the researchers reported the exposed information immediately, malicious hackers might have taken just a few minutes to access this information and download a copy using an attack variant known as Meow.
A Meow attack consists of replacing the index of a database with one carrying the suffix ‘gg-meow’, which can lead to the random destruction of a large amount of the information stored in the affected deployments. The researchers mention that about 50% of the information stored by Polecat would have been deleted in two consecutive attacks; eventually they found a ransom note in which hackers demanded a Bitcoin transfer in exchange for returning the compromised information to its operators.
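A defender-side check for the two conditions described above (a node reachable without authentication or encryption, and indices carrying the suffix the article names), as an added example that is not from Wizcase's report or Polecat's systems. The settings dictionary, index names and finding labels are constructed for illustration; the index listing is shaped like the output of `GET _cat/indices?format=json`.

```python
import json

MEOW_SUFFIX = "gg-meow"  # suffix as given in the article
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

# Constructed sample: elasticsearch.yml settings flattened to key/value pairs.
SAMPLE_SETTINGS = {
    "network.host": "0.0.0.0",
    "xpack.security.enabled": "false",
    "xpack.security.http.ssl.enabled": "false",
}

# Constructed sample shaped like GET _cat/indices?format=json output.
SAMPLE_INDICES = json.dumps([
    {"index": "tweets-2019", "docs.count": "48211907"},
    {"index": "blogs-2018", "docs.count": "1930441"},
    {"index": "k3v9x1q2ab-gg-meow", "docs.count": "0"},
    {"index": "a1b2c3d4e5-gg-meow", "docs.count": "0"},
])


def _enabled(settings, key):
    # Assumption: an unset flag is treated as not enabled; the real default
    # depends on the Elasticsearch version in use.
    return str(settings.get(key, "false")).strip().lower() == "true"


def audit_settings(settings):
    """Flag a node that listens beyond loopback without auth or TLS."""
    host = str(settings.get("network.host", "_local_")).strip()
    if host in LOOPBACK:
        return []  # not reachable from other hosts
    findings = []
    if not _enabled(settings, "xpack.security.enabled"):
        findings.append("no-auth-on-public-interface")
    if not _enabled(settings, "xpack.security.http.ssl.enabled"):
        findings.append("no-tls-on-public-interface")
    return findings


def meow_report(cat_indices_json, suffix=MEOW_SUFFIX):
    """List indices whose name ends with the suffix and their share of all indices."""
    rows = json.loads(cat_indices_json)
    wiped = sorted(r["index"] for r in rows if r["index"].endswith(suffix))
    share = len(wiped) / len(rows) if rows else 0.0
    return {"wiped": wiped, "share": share}


if __name__ == "__main__":
    print(audit_settings(SAMPLE_SETTINGS))
    print(meow_report(SAMPLE_INDICES))
```

The share reported here counts index names, not stored volume, so it is a triage signal rather than a measure of how much data was lost.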
Wizcase’s report notes that this is an increasingly common type of attack targeting databases that are reachable from the Internet without adequate security measures. Moreover, even though all the exposed records are public, the database could have been downloaded and sold to any competitor of Polecat, directly compromising its operations.
A few hours after receiving this report, Polecat security teams shut down access to the compromised information, so no new related incidents are expected. It is currently unknown whether the company will initiate a negotiation process with the threat actors for the recovery of the affected information.