Attacks on Microsoft SQL have seen a huge rise

Security attack
(Image credit: Shutterstock / ozrimoz)

As threat actors seek to gain access to corporate infrastructure, they’re increasingly turning to Microsoft SQL Server as their entry point of preference, a new report from Kaspersky has warned. 

Its research claims attacks using Microsoft SQL Server rose by more than half (56%) in September 2022 compared to the same period last year, as during that month alone, the number of compromised servers grew to more than 3,000 endpoints.

With July and August being the exception, the number of such attacks has been gradually increasing over the past year, Kaspersky added, and kept above 3,000 since April 2022. 

Sloppy defending

“Despite Microsoft SQL Server’s popularity, companies may not be giving sufficient priority to protect against threats associated with the software. Attacks using malicious SQL Server jobs have been known for a long time, but it is still used by perpetrators to gain access to a company’s infrastructure,” said Sergey Soldatov, Head of Security Operations Center at Kaspersky.

There had been multiple recent incidents where Microsoft SQL Servers has been abused by threat actors, with the latest coming just over a month ago. In late September 2022, cybersecurity researchers from AhnLab Security Emergency Response Center reported of an ongoing campaign distributing the FARGO ransomware to MS-SQL servers. In this incident, the attackers went for unprotected endpoints, or those guarded by weak and easily cracked passwords.

In April, on the other hand, threat actors were observed installing Cobalt Strike beacons on such devices. News of attacks against MS-SQL has also popped up in May, June, as well as October, this year. 

In most instances, threat actors would scan the internet for endpoints with an open TCP port 1433, and then conduct brute-force attacks against them, until they guess the password. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.