Cybercriminals target MS SQL servers to deliver ransomware
2023-09-06 12:53

A cyberattack campaign is targeting exposed Microsoft SQL databases, aiming to deliver ransomware and Cobalt Strike payloads.

The attackers target exposed MS SQL servers by brute-forcing access credentials.

An enabled xp_cmdshell function also allows attackers to run shell commands on the host and launch several payloads.

Trustwave has recently deployed honeypot servers mimicking nine popular database systems - MS SQL Server, MySQL, Redis, MongoDB, PostgreSQL, Oracle DB, IBM DB2, Cassandra, and Couchbase - in key regions of the world, and quickly discovered that attack activity on MS SQL honeypots accounted for 93% of the total.

MS SQL servers are an attractive target for cybercriminals because they are widely used and they often store valuable data.

"The attack initially succeeded as a result of a brute force attack against a MS SQL server. It was unclear if the attackers were using a dictionary-based, or random password spray attempts. However it's important to emphasize the importance of strong passwords, especially on publicly exposed services," the researchers concluded.


News URL

https://www.helpnetsecurity.com/2023/09/06/ms-sql-cyberattack/