Woburn, MA – November 2, 2022 — / BackupReview.info / — According to Kaspersky’s new Managed Detection and Response report, attacks using Microsoft SQL Server increased by 56% in September 2022 compared to the same period last year. Perpetrators are still using a common attack employing SQL Server to attempt to gain access to corporate infrastructures.
Microsoft SQL Server is used worldwide by corporations, medium and small businesses for database management. Kaspersky researchers found an increase in attacks that utilize Microsoft SQL Server’s processes. In September 2022, the number of SQL servers hit amounted to more than 3,000 units, growing by 56% compared to the same period last year. These attacks were successfully detected by Kaspersky Endpoint Security for Business and Managed Detection and Response.
The number of these attacks have been increasing gradually over the past year and have stayed above 3000 since April 2022, except for a slight decrease in July and August.
“Despite Microsoft SQL Server’s popularity, companies may not be giving sufficient priority to protect against threats associated with the software,” said Sergey Soldatov, head of security operations center at Kaspersky. “Attacks using malicious SQL Server jobs have been known for a long time, but it is still used by perpetrators to gain access to a company’s infrastructure.”
A peculiar incident: PowerShell scripts and .PNG files
In the new report, devoted to the most interesting Managed Detection and Response incidents, Kaspersky experts describe is an attack employing Microsoft SQL Server jobs, a sequence of commands executed by the server agent.
“Attackers attempted to modify the server configuration to gain access to the shell to run malware via PowerShell. The compromised SQL Server was trying to run malicious PowerShell scripts that generated a connection to external IP addresses. This PowerShell script runs the malware disguised as .png files from that external IP address using the “MsiMake” attribute, which is very similar to the behavior of PurpleFox malware,” explained Sergey.
To read the full Managed Detection and Response report, please visit Securelist.com
To protect against threats targeting businesses, Kaspersky researchers recommend implementing the following measures:
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com
Media Contact:
Cassandra Faro
Cassandra.Faro@Kaspersky.com
781-503-1812
Source: Kaspersky
Tags: Kaspersky
Copyright © 2004 - 2020 Backup Review.info | Sitemap
RSS feed for comments on this post · TrackBack URI
Leave a reply