Plus 56 percent: More attacks on Microsoft SQL Server 

Attacks via Microsoft SQL Server increased by 56 percent in September this year compared to last year. Malware disguised as a .PNG file was identified. These findings come from Kaspersky's latest Managed Detection and Response Report.

Microsoft SQL Server is used worldwide by large companies and SMEs for database management. Kaspersky experts have identified an increase in attacks exploiting Microsoft SQL Server processes. In September 2022, the number of attacked SQL servers was more than 3,000, an increase of 56 percent compared to the same period of the previous year.

Protection for MS SQL Server is neglected

"Despite the widespread use of Microsoft SQL Server, companies do not give enough priority to protecting it," said Sergey Soldatov, head of the Security Operations Center at Kaspersky. "Attacks using malicious SQL Server jobs have long been known, but are still used by cybercriminals to gain access to a company's IT infrastructure. The attackers attempted to change the server configuration to gain access to the shell and run malware through PowerShell. The compromised SQL Server then tried to run malicious PowerShell scripts that connected to external IP addresses. The PowerShell script runs malware masquerading as .PNG files from this external IP address with the 'MsiMake' attribute. This is similar to the behavior of the PurpleFox malware."
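The behaviour described in the quote (a SQL Server process starting a shell, PowerShell contacting an external IP address, a remote file named .png, the 'MsiMake' string) can be checked against process-creation telemetry. The following is an added example, not Kaspersky's detection logic: the event field names, the process names `sqlservr.exe` and `sqlagent.exe` as parents, the internal address ranges and all sample events are assumptions constructed for illustration.

```python
import ipaddress
import re

SQL_PARENTS = {"sqlservr.exe", "sqlagent.exe"}  # assumed: engine and Agent (job) processes
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
URL_RE = re.compile(r"https?://([^/\s:]+)(?::\d+)?(/[^\s?#]*)?", re.I)

# Constructed events; field names are hypothetical, IPs are documentation/private ranges.
SQL_DIR = "C:\\Program Files\\Microsoft SQL Server\\MSSQL15.MSSQLSERVER\\MSSQL\\Binn\\"
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"parent": SQL_DIR + "sqlservr.exe", "image": PS,
     "cmdline": "powershell.exe <options elided> MsiMake http://203.0.113.10/update.png"},
    {"parent": SQL_DIR + "SQLAGENT.EXE", "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c D:\\jobs\\nightly_backup.cmd"},
    {"parent": "C:\\Windows\\explorer.exe", "image": PS,
     "cmdline": "powershell.exe Invoke-WebRequest http://203.0.113.10/logo.png"},
    {"parent": SQL_DIR + "sqlservr.exe", "image": PS,
     "cmdline": "powershell.exe Invoke-WebRequest http://10.0.0.5/reports/chart.png"},
]

def _name(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the reasons an event matches the described behaviour, or []."""
    if _name(event["parent"]) not in SQL_PARENTS or _name(event["image"]) not in SHELLS:
        return []
    reasons = ["shell started by SQL Server process"]
    cmd = event["cmdline"]
    if "msimake" in cmd.lower():
        reasons.append("MsiMake in command line")
    for host, path in URL_RE.findall(cmd):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname rather than a literal IP address
        if any(ip in net for net in INTERNAL):
            continue  # internal destination, not the pattern described
        reasons.append(f"URL on external IP {ip}")
        if path.lower().endswith(".png"):
            reasons.append("remote file named .png")
    return reasons

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(_name(ev["parent"]), "->", _name(ev["image"]), triage(ev))
```

An event with only the first reason can be a legitimate SQL Server Agent job, so it needs comparison against the server's known jobs; events that also carry the later reasons match the chain described in the quote.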

Recommendations for organizations to protect against cyber threats

  • Always keep the software on all devices up to date so that attackers cannot penetrate the company network by exploiting vulnerabilities. Patches for new vulnerabilities should be installed immediately, since threat actors can no longer exploit a vulnerability that has been closed in this way.
  • The latest threat intelligence helps cybersecurity professionals learn about attackers' current TTPs.
  • Implement a reliable endpoint security solution like Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection and anomaly control to provide effective protection against known and unknown threats.
  • Kaspersky Managed Detection and Response helps detect and stop complex attacks at an early stage. In the event of an incident, the Kaspersky Incident Response service helps to respond to it and minimize the consequences.
More at Kaspersky.com

 
