Attacks on Microsoft SQL have seen a huge rise

The number of attacks has remained high all year, experts warn

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

As threat actors seek to gain access to corporate infrastructure, they’re increasingly turning toMicrosoftSQL Server as their entry point of preference, a new report from Kaspersky has warned.

Its research claims attacks using Microsoft SQL Server rose by more than half (56%) in September 2022 compared to the same period last year, as during that month alone, the number of compromised servers grew to more than 3,000endpoints.

With July and August being the exception, the number of such attacks has been gradually increasing over the past year, Kaspersky added, and kept above 3,000 since April 2022.

Sloppy defending

“Despite Microsoft SQL Server’s popularity, companies may not be giving sufficient priority to protect against threats associated with the software. Attacks using malicious SQL Server jobs have been known for a long time, but it is still used by perpetrators to gain access to a company’s infrastructure,” said Sergey Soldatov, Head of Security Operations Center at Kaspersky.

Microsoft SQL servers hit by Cobalt Strike attacks>Brute-force attacks targeting MSSQL servers, Microsoft warns>These are the best antivirus software right now

There had been multiple recent incidents where Microsoft SQL Servers has been abused by threat actors, with the latest coming just over a month ago. In late September 2022, cybersecurity researchers from AhnLab Security Emergency Response Center reported of an ongoing campaign distributing the FARGO ransomware to MS-SQL servers. In this incident, the attackers went for unprotectedendpoints, or those guarded by weak and easily cracked passwords.

In April, on the other hand, threat actors were observed installing Cobalt Strike beacons on such devices. News of attacks against MS-SQL has also popped up in May, June, as well as October, this year.

In most instances, threat actors would scan the internet for endpoints with an open TCP port 1433, and then conduct brute-force attacks against them, until they guess the password.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)