Cloud Security

Cloud compromise sought by attempted cyberattack against vulnerable Microsoft SQL server

Attempted cyberattacks have been launched against a vulnerable Microsoft SQL server to facilitate further cloud environment compromise as part of an unsuccessful campaign, according to The Hacker News. Initial exploitation of an SQL injection bug enabled threat actors to secure access and privileges to an Azure Virtual Machine-based SQL server, a report from Microsoft Threat Intelligence researchers revealed. New permissions were then used to exploit the server's cloud identity and allow lateral movement to other resources. Attackers were also able to deploy operating system commands to enable reconnaissance, executable and PowerShell script downloading, and persistence efforts although such an intrusion was thwarted by an unspecified error, researchers reported. "Not properly securing cloud identities can expose SQL Server instances and cloud resources to similar risks. This method provides an opportunity for the attackers to achieve greater impact not only on the SQL Server instances but also on the associated cloud resources," said researchers.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.