Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

April 1, 2020
in Internet Privacy
Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
588
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity researchers today uncovered a sustained malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other kinds of malware, including multi-functional remote access tools (RATs) and cryptominers.

Named “Vollgar” after the Vollar cryptocurrency it mines and its offensive “vulgar” modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet.

You might also like

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.

Windows mssql malware hacking

Thankfully for those concerned, researchers have also released a script to let sysadmins detect if any of their Windows MS-SQL servers have been compromised with this particular threat.

Vollgar Attack Chain: MS-SQL to System Malware

The Vollgar attack starts off with brute-force login attempts on MS-SQL servers, which, when successful, allows the interloper to execute a number of configuration changes to run malicious MS-SQL commands and download malware binaries.

“Attackers [also] validate that certain COM classes are available – WbemScripting.SWbemLocator, Microsoft.Jet.OLEDB.4.0 and Windows Script Host Object Model (wshom). These classes support both WMI scripting and command execution through MS-SQL, which will be later used to download the initial malware binary,” the researchers said.

Windows mssql malware hacking

Aside from ensuring that cmd.exe and ftp.exe executables have the necessary execute permissions, the operator behind Vollgar also creates new backdoor users to the MS-SQL database as well as on the operating system with elevated privileges.

Upon completion of the initial setup, the attack proceeds to create downloader scripts (two VBScripts and one FTP script), which are executed “a couple of times,” each time with a different target location on the local file system to avert possible failures.

One of the initial payloads, named SQLAGENTIDC.exe or SQLAGENTVDC.exe, first proceeds to kill a long list of processes with the goal of securing the maximum amount of system resources as well as eliminate other threat actors’ activity and remove their presence from the infected machine.

Furthermore, it acts as a dropper for different RATs and an XMRig-based crypto-miner that mines Monero and an alt-coin called VDS or Vollar.

Attack Infrastructure Hosted On Compromised Systems

Guardicore said attackers held their entire infrastructure on compromised machines, including its primary command-and-control server located in China, which, ironically, was found compromised by more than one attack group.

“Among the files [on the C&C server] was the MS-SQL attack tool, responsible for scanning IP ranges, brute-forcing the targeted database, and executing commands remotely,” the cybersecurity firm observed.

“In addition, we found two CNC programs with GUI in Chinese, a tool for modifying files’ hash values, a portable HTTP file server (HFS), Serv-U FTP server and a copy of the executable mstsc.exe (Microsoft Terminal Services Client) used to connect to victims over RDP.”

Windows mssql malware hacking

Once an infected Windows client pings the C2 server, the latter also receives a variety of details about the machine, such as its public IP, location, operating system version, computer name, and CPU model.

Stating that the two C2 programs installed on the China-based server were developed by two different vendors, Guardicore said there are similarities in their remote control capabilities — namely downloading files, installing new Windows services, keylogging, screen capturing, activating the camera and microphone, and even initiating a Distributed Denial-of-Service (DDoS) attack.

Use Strong Passwords to Avoid Brute-Force Attacks

With about half-a-million machines running MS-SQL database service, the campaign is yet another indication that attackers are going after poorly protected database servers in an attempt to siphon sensitive information. It’s essential that MS-SQL servers that are exposed to the internet are secured with strong credentials.

“What makes these database servers appealing for attackers apart from their valuable CPU power is the huge amount of data they hold,” Guardicore researchers concluded. “These machines possibly store personal information such as usernames, passwords, credit card numbers, etc., which can fall into the attacker’s hands with only a simple brute-force.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Machine Learning: An Answer to Coronavirus

Next Post

Cybersecurity warning: These scammers are looking for a way into your email accounts

Related Posts

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Internet Privacy

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 2, 2021
SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020
Internet Privacy

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

March 1, 2021
Cisco Releases Security Patches for Critical Flaws Affecting its Products
Internet Privacy

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 27, 2021
Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Internet Privacy

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

February 26, 2021
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
Internet Privacy

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021
Next Post
Cybersecurity warning: These scammers are looking for a way into your email accounts

Cybersecurity warning: These scammers are looking for a way into your email accounts

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Machine Learning Cuts Through the Noise of Quantum Computing
Machine Learning

Machine Learning Cuts Through the Noise of Quantum Computing

March 2, 2021
Google’s Tensorflow Certification & What I’ve Learned Since
Neural Networks

Google’s Tensorflow Certification & What I’ve Learned Since

March 2, 2021
Apple’s data-collection ‘nutrition labels’ for apps will begin appearing next week
Digital Marketing

Pinterest powers up creators during stressful times: Monday’s daily brief

March 2, 2021
Developers can now use IBM’s cloud services across multiple environments with IBM Cloud Satellite – IBM Developer
Technology Companies

Developers can now use IBM’s cloud services across multiple environments with IBM Cloud Satellite – IBM Developer

March 2, 2021
Free cybersecurity tool aims to help smaller businesses stay safer online
Internet Security

Free cybersecurity tool aims to help smaller businesses stay safer online

March 2, 2021
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Internet Privacy

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 2, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Machine Learning Cuts Through the Noise of Quantum Computing March 2, 2021
  • Google’s Tensorflow Certification & What I’ve Learned Since March 2, 2021
  • Pinterest powers up creators during stressful times: Monday’s daily brief March 2, 2021
  • Developers can now use IBM’s cloud services across multiple environments with IBM Cloud Satellite – IBM Developer March 2, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates