Security News > 2023 > October > Microsoft: Hackers target Azure cloud VMs via breached SQL servers
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.
This enables the threat actors to gain access to the SQL Server instance hosted on Azure Virtual Machine with elevated permissions to execute SQL commands and extract valuable data.
Next, the attackers attempted to exploit the cloud identity of the SQL Server instance to access the IMDS and obtain the cloud identity access key.
Microsoft suggests using Defender for Cloud and Defender for Endpoint to catch SQL injections and suspicious SQLCMD activity, both employed in the observed attack.
New Microsoft Azure AD CTS feature can be abused for lateral movement.
News URL
Related news
- Microsoft fixes Windows Server performance issues from August updates (source)
- Ransomware gangs now abuse Microsoft Azure tool for data theft (source)
- VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation (source)
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)