
Communications of the ACM

ACM TechNews

KingMiner Botnet Brute-Forces MSSQL Databases to Install Cryptocurrency Miner



U.K. cybersecurity firm Sophos is advising MSSQL database owners to fortify their servers against botnet-orchestrated brute-force attacks that attempt to guess the password for the server administrator (SA) account.

After breaching a vulnerable MSSQL system, the hackers create another database user named "dbhelp" in order to install a cryptocurrency miner that exploits server resources to generate profits for the KingMiner botnet.

According to Sophos, KingMiner has become more persistent since late 2018, and can commandeer the underlying Windows server where the MSSQL database operates by exploiting elevation-of-privilege vulnerabilities, which grant the malware access to execute code with administrator privileges.

The researchers also warn that the botnet seems to be expanding access from the MSSQL server to other systems to which the database is linked on a company's compromised network.

Sophos recommends server owners secure their SA account with a strong password to prevent KingMiner hacks.
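A read-only T-SQL audit for the two conditions described above, the state of the SA account and the presence of a "dbhelp" account, follows as an added example; it is not code from Sophos, ZDNet or this abstract. It assumes a session with enough privilege to read `password_hash` (CONTROL SERVER or sysadmin), and a 30-day review window chosen only for illustration.

```sql
-- Added example: read-only checks, no changes are made to the server.

-- 1. State of the built-in SA account. It always has SID 0x01, so this
--    finds it even if it has been renamed.
SELECT  l.name,
        l.is_disabled,
        l.is_policy_checked,                      -- 0 = Windows password policy not enforced
        l.is_expiration_checked,
        l.modify_date,                            -- last change to the login
        PWDCOMPARE(N'', l.password_hash) AS has_blank_password
FROM    sys.sql_logins AS l
WHERE   l.sid = 0x01;

-- 2. Server-level login named "dbhelp" (the account name given in the report).
--    Name matching follows the server collation.
SELECT  p.name,
        p.type_desc,
        p.is_disabled,
        p.create_date,
        IS_SRVROLEMEMBER('sysadmin', p.name) AS is_sysadmin
FROM    sys.server_principals AS p
WHERE   p.name = N'dbhelp';

-- 3. Database-level user named "dbhelp". This covers the current database
--    only; repeat it in each database on the instance.
SELECT  DB_NAME() AS database_name,
        d.name,
        d.type_desc,
        d.create_date
FROM    sys.database_principals AS d
WHERE   d.name = N'dbhelp';

-- 4. Wider check (goes beyond the single account name): sysadmin members
--    created in the last 30 days. The window is an assumption; adjust it.
SELECT  m.name,
        m.type_desc,
        m.create_date
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
  AND   m.create_date >= DATEADD(DAY, -30, SYSDATETIME())
ORDER BY m.create_date DESC;
```

A row from query 2 or 3 that nobody on the database team can account for, or `has_blank_password = 1` or `is_policy_checked = 0` on the SA row, is worth investigating.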

From ZDNet

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
