Security News > 2022 > May > Microsoft warns of brute-force attacks targeting MSSQL servers

Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server database servers using weak passwords.
Similar attacks against MSSQL servers were reported in March when they were targeted to deploy Gh0stCringe remote access trojans.
In a previous campaign from February, threat actors compromised MSSQL servers to drop Cobalt Strike beacons using the Microsoft SQL xp cmdshell command.
For years, MSSQL servers have been targeted as part of massive campaigns where malicious actors attempt to hijack thousands of vulnerable servers daily for various end goals.
In one such series of attacks spanning almost two years, threat actors backdoored between 2,000 and 3,000 servers with RATs after brute-forcing publicly exposed servers to deploy Monero and Vollar cryptominers.
Admins are advised not to expose them to the Internet to defend their MSSQL servers against such attacks.
News URL
Related news
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)