fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Warns of Brute-force Attacks Targeting MSSQL Servers

Microsoft Warns of Brute-force Attacks Targeting MSSQL Servers

Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.

While this isn’t necessarily the first time MSSQL servers have been targeted in such attacks, Redmond says that the threat actors behind this recently observed campaign are using the legitimate sqlps.exe tool as a LOLBin (short for living-off-the-land binary).

“The attackers achieve fileless persistence by spawning the sqlps.exe utility, a PowerShell wrapper for running SQL-built cmdlets, to run recon commands and change the start mode of the SQL service to LocalSystem,” the Microsoft Security Intelligence team revealed.

“The attackers also use sqlps.exe to create a new account that they add to the sysadmin role, enabling them to take full control of the SQL server. They then gain the ability to perform other actions, including deploying payloads like coin miners.”

Also Read: The 5 Important Things To Know In Security Pen Testing

Using sqlps, a utility that comes included with the Microsoft SQL Server and allows loading SQL Server cmdlets, as a LOLBin, enables the attackers to execute PowerShell commands without worrying about defenders detecting their malicious actions.

It also helps ensure that they don’t leave any traces to be found while analyzing their attacks since using sqlps is an effective way to bypass Script Block Logging, a PowerShell capability that would otherwise log cmdlet operations to the Windows event log.

Similar attacks against MSSQL servers were reported in March when they were targeted to deploy Gh0stCringe (aka CirenegRAT) remote access trojans (RATs).

In a previous campaign from February, threat actors compromised MSSQL servers to drop Cobalt Strike beacons using the Microsoft SQL xp_cmdshell command.

However, for years, MSSQL servers have been targeted as part of massive campaigns where malicious actors attempt to hijack thousands of vulnerable servers daily for various end goals.

Also Read: New Licensing Requirements For Cyber-Security Service Providers in 2022

In one such series of attacks (dubbed Vollgar) spanning almost two years, threat actors backdoored between 2,000 and 3,000 servers with RATs after brute-forcing publicly exposed servers to deploy Monero (XMR) and Vollar (VDS) cryptominers.

In a previous campaign from February, threat actors compromised MSSQL servers to drop Cobalt Strike beacons using the Microsoft SQL xp_cmdshell command.

However, for years, MSSQL servers have been targeted as part of massive campaigns where malicious actors attempt to hijack thousands of vulnerable servers daily for various end goals.

In one such series of attacks (dubbed Vollgar) spanning almost two years, threat actors backdoored between 2,000 and 3,000 servers with RATs after brute-forcing publicly exposed servers to deploy Monero (XMR) and Vollar (VDS) cryptominers.

To defend their MSSQL servers against such attacks, admins are advised not to expose them to the Interne, use a strong admin password that can’t be guessed or brute-forced, and place the server behind a firewall.

Admins are advised not to expose them to the Internet to defend their MSSQL servers against such attacks.

You should also:

  • use a strong admin password that can’t be guessed or brute-forced easily and place the server behind a firewall
  • enable logging to monitor for suspicious or unexpected activity or recurring login attempts
  • apply the latest security updates to decrease the attack surface and block attacks leveraging exploits that target known vulnerabilities

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us