Imagine coming home and finding out your windows were not only unlocked but wide open – that’s the digital equivalent of what’s happening with insufficiently secured MS SQL servers. Cyber bandits are using Cobalt Strike and a ransomware named FreeWorld, illustrating that poorly secured MS SQL servers are actually “FreeWorld” playgrounds to them.
These cyber crooks would have done well in any playground with their diverse toolkit. The icy game of “freeze tag” they play involves freezing your database and all its secrets behind a wall of ransomware.
In this virtual playground, we have a cyber referee in the form of Securonix. Labeling this offensive campaign as DB#JAMMER, the cybersecurity firm is like the dad handing out orange slices to the “good” players so everyone can stay hydrated during the match. Except they’re handing out warnings and threat analysis.
Securonix’s assessment is credible and not too sweet to swallow. It’s not a sugar-coated reality. Instead, they stand out by bringing much-needed attention to how these tools, techniques, and infrastructure are employed in such campaigns.
The cyber crooks are like tech-savvy kids with a toy box full of digital mischief. This box contains enumeration software, Remote Access Trojan (RAT) payloads, and credential-stealing software for exploitation. They’re certainly not playing the game of ‘Simon says.’ More like, ‘Simon steals.’
In this tale of the digital playground, cyber bandits are exploiting poorly secured MS SQL servers with a ransomware strain called FreeWorld and the Cobalt Strike toolkit. The cybersecurity firm Securonix, serving as our digital referee, has named this threat campaign DB#JAMMER. The toolset comprises enumeration software, RAT payloads, and exploitation software: a game of “Simon steals” rather than “Simon says,” and proof that not all toys in the toy box are meant for fun.
Original Article: https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html