Security News > 2022 > May > Microsoft warns of brute-force attacks targeting MSSQL servers
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server database servers using weak passwords.
Similar attacks against MSSQL servers were reported in March when they were targeted to deploy Gh0stCringe remote access trojans.
In a previous campaign from February, threat actors compromised MSSQL servers to drop Cobalt Strike beacons using the Microsoft SQL xp cmdshell command.
For years, MSSQL servers have been targeted as part of massive campaigns where malicious actors attempt to hijack thousands of vulnerable servers daily for various end goals.
In one such series of attacks spanning almost two years, threat actors backdoored between 2,000 and 3,000 servers with RATs after brute-forcing publicly exposed servers to deploy Monero and Vollar cryptominers.
Admins are advised not to expose them to the Internet to defend their MSSQL servers against such attacks.
News URL
Related news
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)