Plus 56 percent: More attacks on Microsoft SQL Server 

Kaspersky_news


Attacks via Microsoft SQL Server increased by 56 percent in September this year compared to last year. Malware disguised as a .PNG file was identified. These findings come from Kaspersky's latest Managed Detection and Response Report.

Microsoft SQL Server is used worldwide by large companies and SMEs for database management. Kaspersky experts have identified an increase in attacks exploiting Microsoft SQL Server processes. In September 2022, the number of attacked SQL servers was more than 3,000; this corresponds to an increase of 56 percent compared to the same period of the previous year.

Protection for MS SQL Server is neglected

"Despite the widespread use of Microsoft SQL Server, companies do not give enough priority to protecting it," said Sergey Soldatov, head of the Security Operations Center at Kaspersky. "Attacks using malicious SQL Server jobs have long been known, but are still used by cybercriminals to gain access to a company's IT infrastructure. The attackers attempted to change the server configuration to gain access to the shell and run malware through PowerShell. The compromised SQL Server then tried to run malicious PowerShell scripts that connected to external IP addresses. The PowerShell script runs malware masquerading as .PNG files from this external IP address with the 'MsiMake' attribute. This is similar to the behavior of the PurpleFox malware."
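The behavior described in the quote (a SQL Server process launching a shell that pulls a ".PNG" from an external IP) can be hunted in process-creation telemetry. The following is an added example, not Kaspersky's detection logic: the field names follow Sysmon Event ID 1, the process names `sqlservr.exe` and `sqlagent.exe` are assumptions about how the activity shows up in logs, and the events are constructed.

```python
import ipaddress
import re
from pathlib import PureWindowsPath
from urllib.parse import urlparse

SQL_PARENTS = {"sqlservr.exe", "sqlagent.exe"}   # database engine, SQL Server Agent
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)

def external_ip_urls(command_line):
    """URLs in the command line whose host is a literal IP outside INTERNAL_NETS."""
    hits = []
    for url in URL_RE.findall(command_line):
        try:
            ip = ipaddress.ip_address(urlparse(url).hostname or "")
        except ValueError:
            continue  # host is a name, not a literal IP
        if not any(ip in net for net in INTERNAL_NETS):
            hits.append(url)
    return hits

def triage(event):
    """Return the reasons an event is suspicious; an empty list means not flagged."""
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    child = PureWindowsPath(event["Image"]).name.lower()
    if parent not in SQL_PARENTS or child not in SHELL_CHILDREN:
        return []
    reasons = [f"{parent} spawned {child}"]
    for url in external_ip_urls(event["CommandLine"]):
        reasons.append(f"contacts external IP: {url}")
        if urlparse(url).path.lower().endswith(".png"):
            reasons.append("shell fetches a .png file")
    return reasons

EVENTS = [  # constructed samples, not real telemetry; 203.0.113.0/24 is a documentation range
    {"ParentImage": r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c powershell -nop -c "<downloader> http://203.0.113.10/1.png"'},
    {"ParentImage": r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File D:\jobs\rotate-backups.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]
for ev in EVENTS:
    print(triage(ev) or "not flagged")
```

The second event is flagged with a single reason because legitimate SQL Server Agent jobs also start PowerShell; such hits need to be baselined against the jobs the organization actually runs.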

Recommendations for organizations to protect against cyber threats

  • Always keep the software on all devices in use up to date to prevent attackers from penetrating the company network by exploiting vulnerabilities. Patches for new vulnerabilities should be installed immediately, since threat actors can no longer exploit a vulnerability that has been closed in this way.
  • Up-to-date threat intelligence helps cybersecurity professionals learn about attackers' current TTPs.
  • Implement a reliable endpoint security solution like Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection and anomaly control to provide effective protection against known and unknown threats.
  • Kaspersky Managed Detection and Response helps detect and stop complex attacks at an early stage. In the event of an incident, the Kaspersky Incident Response service helps to respond to it and minimize the consequences.