A new wave of attacks on vulnerable MS-SQL Servers (Microsoft SQL) has been discovered by the cybersecurity analysts of the ASEC analysis team at AhnLab.
In these attacks, the attackers install Cobalt Strike beacons on the compromised system to penetrate deeper into the victim's network.
The attacks begin with an open TCP port 1433, which implies an MS-SQL server. The attacker then performs a brute-force attack to crack the admin password.
In this new wave of attacks, the attackers perform two key attacks to accomplish their goal:
After acquiring access to the admin account and penetrating the server, the attackers deploy several crypto miners:
Later, to gain a foothold in the compromised system and move laterally into the network, the attackers also use Cobalt Strike to create a backdoor.
The Cobalt Strike beacons are mainly loaded through:
Once loaded, the beacons are embedded and executed in MSBuild.exe to avoid detection.
In a later stage, the beacons are embedded in the legitimate wwanmm.dll to remain hidden inside a system file and wait for further commands from their operators.
Apart from this, the cybersecurity researchers have recommended a few security measures to mitigate such attacks: