Microsoft warns of brute-force attacks targeting MSSQL servers

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.

While this isn't necessarily the first time MSSQL servers have been targeted in such attacks, Redmond says that the threat actors behind this recently observed campaign are using the legitimate sqlps.exe tool as a LOLBin (short for living-off-the-land binary).

"The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem," the Microsoft Security Intelligence team revealed.

 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists.

Of these accessible MySQL servers, 2.3 million are connected over IPv4, with 1.3 million devices over IPv6.

While it is common for web services and applications to connect to remote databases, these instances should be locked down so only authorized devices can connect to them.

Furthermore, public server exposure should always be accompanied by strict user policies, changing the default access port (3306), enabling binary logging, monitoring all queries closely, and enforcing encryption.
Full article
 
  • Like
Reactions: upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top