Sign In

Communications of the ACM

ACM TechNews

KingMiner Botnet Brute-Forces MSSQL Databases to Install Cryptocurrency Miner


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Logo of Microsoft's SQL Server

U.K. cybersecurity firm Sophos is advising MSSQL database owners to fortify their servers against botnet-orchestrated brute-force attacks.

Credit: Microsoft

U.K. cybersecurity firm Sophos is advising MSSQL database owners to fortify their servers against botnet-orchestrated brute-force attacks that attempt to guess the password for the server administrator (SA) account.

After breaching a vulnerable MSSQL system, hackers create another database user named "dbhelp," in order to install a cryptocurrency miner that exploits server resources to generate profits for the KingMiner botnet.

According to Sophos, KingMiner has become more persistent since late 2018, and can commandeer the underlying Windows server where the MSSQL database operates by exploiting elevation-of-privilege vulnerabilities, which grant the malware access to execute code with administrator privileges.

The researchers also warn that the botnet seems to be expanding access from the MSSQL server to other systems to which the database is linked on a company's compromised network.

Sophos recommends server owners secure their SA account with a strong password to prevent KingMiner hacks.

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found