Communications of the ACM

Home/News/Crypto-Mining Botnet Has Been Hijacking MSSQL Servers.../Full Text

ACM TechNews

Crypto-Mining Botnet Has Been Hijacking MSSQL Servers for Almost Two Years

By ZDNet
April 8, 2020
Comments

View as: Print Mobile App Share:

Mapping the botnet's attacks. — Research by cybersecurity firm Guardicore found that a malware botnet has been launching brute-force attacks against Microsoft SQL databases for nearly two years.

Credit: Peter Kruse

Cybersecurity firm Guardicore said a malware botnet has been launching brute-force attacks against Microsoft SQL (MSSQL) databases to hijack administrative accounts and install cryptocurrency mining scripts on the underlying operating system for nearly two years.

A report by Guardicore estimated the Vollgar botnet infects approximately 3,000 new MSSQL databases daily.

Guardicore said more than 120 mainly Chinese Internet Protocol addresses are used to launch attacks that attempt to guess the passwords of MSSQL servers.

More than 60% of all hijacked MSSQL servers remain infected with the malware for no more than two days, but Guardicore's Ophir Harpaz said nearly 20% of all MSSQL systems remain infected for more than a week.

Said Harpaz, "Our experience shows that this type of campaign makes the most immediate attack vector for threat actors to make a profit."

From ZDNet
View Full Article

No entries found

Crypto-Mining Botnet Has Been Hijacking MSSQL Servers for Almost Two Years

When Eyes in the Sky Start Looking Right at You

Innovation Is Overrated: A Provocation

Tokenomy of Tomorrow: Envisioning an AI-Driven World