Security News > 2023 > September > Cybercriminals target MS SQL servers to deliver ransomware
A cyberattack campaign is targeting exposed Microsoft SQL databases, aiming to deliver ransomware and Cobalt Strike payloads.
The attackers target exposed MS SQL servers by brute-forcing access credentials.
A enabled xp cmdshell function also allows attackers to run shell commands on the host and launch several payloads.
Trustwave has recently deployed honeypot servers mimicking nine popular database systems - MS SQL Server, MySQL, Redis, MongoDB, PostgreSQL, Oracle DB, IBM DB2, Cassandra, and Couchbase - in key regions of the world, and quickly discovered that attack activity on MS SQL honeypots accounted for 93% of the total.
MS SQL servers are an attractive target for cybercriminals because they are widely used and they often store valuable data.
"The attack initially succeeded as a result of a brute force attack against a MS SQL server. It was unclear if the attackers were using a dictionary-based, or random password spray attempts. However it's important to emphasize the importance of strong passwords, especially on publicly exposed services," the researchers concluded.
News URL
https://www.helpnetsecurity.com/2023/09/06/ms-sql-cyberattack/
Related news
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Cybercriminals turn to pen testers to test ransomware efficiency (source)
- Russia arrests cybercriminal Wazawaka for ties with ransomware gangs (source)
- BT unit took servers offline after Black Basta ransomware breach (source)