Hackers Using Vulnerable SQL Servers to Target Microsoft Azure

Hackers are using vulnerable Microsoft SQL Servers to attack Azure VMs, according to Microsoft security researchers....
Hackers Using Vulnerable SQL Servers to Target Microsoft Azure
Written by WebProNews

Hackers are using vulnerable Microsoft SQL Servers to attack Azure VMs, according to Microsoft security researchers.

According to BleepingComputer, Microsoft’s researchers report that hackers are using Microsoft SQL Servers that are vulnerable to SQL injections, a common vulnerability that often goes unpatched. The outlet described the attack chain:

The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target’s environment.

This enables the threat actors to gain access to the SQL Server instance hosted on Azure Virtual Machine with elevated permissions to execute SQL commands and extract valuable data.

This includes data on databases, table names, schemas, database versions, network configuration, and read/write/delete permissions.

BleepingComputer says Microsoft recommends using Defender for Cloud and Defender for Endpoint to head off the attack by catching the SQL injection attempts.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us