Microsoft SQL servers accessible through the internet have been targeted with brute-force attacks distributing the novel Mimic ransomware variant dubbed "FreeWorld," according to The Record, a news site by cybersecurity firm Recorded Future.
Dictionary-based or random password spray attempts are being conducted by threat actors in a bid to crack the passwords of targeted Microsoft SQL databases, which will then be followed by the utilization of SQL to facilitate network mapping, credential exfiltration, and FreeWorld deployment, a report from Securonix revealed.
Further examination of an organization victimized by the operation revealed that while the organization's firewall was able to thwart numerous attacker tools, it was eventually infiltrated with the use of the AnyDesk remote access software.
"This is not something we have been seeing often, and what truly sets this attack sequence apart is the extensive tooling and infrastructure used by the threat actors," said Securonix Vice President of Threat Research Oleg Kolesnikov.
SiliconAngle reports that ransomware attacks against the educational sector have significantly increased from 2018 to 2022 and are expected to reach a record high this year, with 85 attacks recorded during the first half of 2023 being almost two times higher than the same period in 2022.
Air Canada has confirmed being impacted by a data breach that compromised some of its employees' limited personal data and other records, reports The Record, a news site by cybersecurity firm Recorded Future.