Sign In

Communications of the ACM

ACM TechNews

Crypto-Mining Botnet Has Been Hijacking MSSQL Servers for Almost Two Years


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Mapping the botnet's attacks.

Research by cybersecurity firm Guardicore found that a malware botnet has been launching brute-force attacks against Microsoft SQL databases for nearly two years.

Credit: Peter Kruse

Cybersecurity firm Guardicore said a malware botnet has been launching brute-force attacks against Microsoft SQL (MSSQL) databases to hijack administrative accounts and install cryptocurrency mining scripts on the underlying operating system for nearly two years.

A report by Guardicore estimated the Vollgar botnet infects approximately 3,000 new MSSQL databases daily.

Guardicore said more than 120 mainly Chinese Internet Protocol addresses are used to launch attacks that attempt to guess the passwords of MSSQL servers.

More than 60% of all hijacked MSSQL servers remain infected with the malware for no more than two days, but Guardicore's Ophir Harpaz said nearly 20% of all MSSQL systems remain infected for more than a week.

Said Harpaz, "Our experience shows that this type of campaign makes the most immediate attack vector for threat actors to make a profit."

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found