HomeWinBuzzer NewsMicrosoft SQL Servers Hit with Cobalt Strike Attacks

Microsoft SQL Servers Hit with Cobalt Strike Attacks

Threat actors are targeting Microsoft SQL Servers with weak passwords to install Cobalt Strike backdoors for further attacks.

-

Security researchers have found new Cobalt Strike attacks targeting vulnerable Microsoft SQL Servers. While the discoveries are beacons, they can lead to deeper penetration of servers and eventually deliver malware.

Microsoft SQL is one of the most popular database management systems and is used by major internet apps as well as millions of smaller services.

One problem is many of the deployments – especially smaller ones – do not have proper security and are protected with weak passwords. In a new report, Ahn Lab’s ASEC says threat actors are now exploiting this vulnerability with Cobalt Strike.

Attackers will scan servers to find open TCP port 1433, which is one sign a MS-SQL server is public-facing. When an open port is found, the hackers conducts a brute-force and dictionary attacks to discover the password.

Cracking the password can only happen if the password is weak. If that happens, the attacker gains access to the SQL Server admin accounts. Amongst the attack uses ASEC has observed including coin miners and creating backdoors by using Cobalt Strike.

Backdoor

By installing Cobalt Strike through a command shell process, a beacon is placed in the legitimate Windows wwanmm.dll process. It remains hidden giving the attacker constant access when they need it.

“As the beacon that receives the attacker’s command and performs the malicious behavior does not exist in a suspicious memory area and instead operates in the normal module wwanmm.dll, it can bypass memory-based detection,” points out the report by Ahn Lab’s ASEC group.

It is worth noting that Cobalt Strike is envisioned as an ethical hacking tool but has become used by cybercriminals too.

Typically, this attack is one that can be relatively easily prevented. All admins on MS-SQL need to do is create a strong password.

Tip: To protect your system against attacks that might render your SQL server unusable, using a solid backup solution is key. SQL Server Backup from BDRSuite is a cost-effective software that offers agentless image-level backups that can be stored online or offline and  which allows to restore an SQL server in less than 15 minutes.

Last Updated on November 8, 2024 12:56 pm CET

SourceASEC
Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Mastodon