Trustwave Report: Attacks on Microsoft’s MS SQL are Skyrocketing

Highlights:

• As per Trustwave’s study, credential brute-force attacks were more commonly directed toward certain databases than others, and the U.K. was surprisingly a significant target for such attacks.
• The study also revealed that certain attacks were directed toward specific countries rather than servers, which was unsurprising given the ongoing Russian invasion of Ukraine.

According to a recent report by Trustwave Holdings Inc., cyber-attacks aimed at Microsoft Corp.’s MS SQL are on the rise, and database vulnerabilities are increasing in volatile regions.

The results come from a four-month study that utilized a network of honeypots (decoy systems) established in different regions worldwide, including the U.S., China, the U.K., Poland, Central Europe, Ukraine, and Russia. Nine popular database systems were scrutinized, including MS SQL Server, MySQL, MongoDB, Redis, PostgreSQL, Oracle DB, IBM DB2, Cassandra, and Couchbase. It also revealed that MS SQL Server was the most targeted system, with significantly more attack activity than the other systems.

As per the study, credential brute-force attacks were more commonly directed towards specific databases than others, and the U.K. was surprisingly a significant target for such attacks. After MS SQL Server, MySQL and Redis were the most frequently attacked databases.

The study also revealed that certain attacks were directed toward specific countries rather than server-specific, which was unsurprising given the ongoing Russian invasion of Ukraine. The study notes that some countries experienced similar attack levels on all their honeypot sensors. The attackers targeted specific countries or regions instead of randomly attacking any available server, as noted by the study.

The study highlights the importance of ongoing research to keep pace with the evolving cyber threats. It also suggests using database vulnerability scanners to enhance database security.

Joseph Carson, the Advisory Chief Information Security Officer and Chief Security Scientist at Delinea Inc., a leading privileged access management provider, said, “The latest study from Trustwave highlights where cybercriminals have more automation and experience with different types of databases. Attackers tend to try and automate as many known exploits as possible and credential-based attacks so when new databases appear on the public internet the automated bots focus and attack them with increased intensity.”

According to Carson, the popularity of MS SQL makes it an unsurprising top target for cyber-attacks. He added, “However, the hope is that the best security practices are in place, such as multifactor authentication, strong privileged access controls and patch management to ensure that all known and common vulnerabilities are patched.”