U.K. cybersecurity firm Sophos is advising MSSQL database owners to fortify their servers against botnet-orchestrated brute-force attacks that attempt to guess the password for the server administrator (SA) account.
After breaching a vulnerable MSSQL system, hackers create another database user named "dbhelp," in order to install a cryptocurrency miner that exploits server resources to generate profits for the KingMiner botnet.
According to Sophos, KingMiner has become more persistent since late 2018, and can commandeer the underlying Windows server where the MSSQL database operates by exploiting elevation-of-privilege vulnerabilities, which allow the malware to execute code with administrator privileges.
The researchers also warn that the botnet seems to be expanding access from the MSSQL server to other systems to which the database is linked on a company's compromised network.
Sophos recommends server owners secure their SA account with a strong password to prevent KingMiner hacks.
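The T-SQL below is an added audit example, not code from Sophos or the article. It reports the state of the SA login and looks for the "dbhelp" account name mentioned above. It assumes a sysadmin session in SSMS or sqlcmd and changes no logins or users (it uses one temp table).

```sql
-- 1. State of the built-in SA login. It keeps SID 0x01 even if it was renamed.
SELECT  l.name,
        l.is_disabled,
        l.is_policy_checked,      -- 0 = Windows password policy is not enforced
        l.is_expiration_checked,
        CASE WHEN PWDCOMPARE(N'', l.password_hash) = 1
               OR PWDCOMPARE(l.name, l.password_hash) = 1
             THEN 1 ELSE 0 END                     AS trivial_password,
        LOGINPROPERTY(l.name, 'BadPasswordCount')  AS bad_password_count,
        LOGINPROPERTY(l.name, 'BadPasswordTime')   AS last_bad_password,
        LOGINPROPERTY(l.name, 'IsLocked')          AS is_locked
FROM    sys.sql_logins AS l
WHERE   l.sid = 0x01;

-- 2. Server-level logins with the account name reported in the article.
SELECT  p.name, p.type_desc, p.is_disabled, p.create_date, p.modify_date
FROM    sys.server_principals AS p
WHERE   p.name = N'dbhelp';

-- 3. Database users with the same name in every online database.
CREATE TABLE #hits (database_name sysname, user_name sysname,
                    type_desc nvarchar(60), create_date datetime);

DECLARE @db sysname, @sql nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = N'ONLINE';

OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME guards against odd database names in the dynamic statement.
    SET @sql = N'INSERT INTO #hits
                 SELECT @d, name, type_desc, create_date
                 FROM ' + QUOTENAME(@db) + N'.sys.database_principals
                 WHERE name = N''dbhelp'';';
    EXEC sys.sp_executesql @sql, N'@d sysname', @d = @db;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs;
DEALLOCATE dbs;

SELECT * FROM #hits ORDER BY database_name;
DROP TABLE #hits;
```

Any row from queries 2 or 3 on a server where no administrator created that account, or a `trivial_password` of 1 in query 1, warrants investigation.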
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA