A recent incident on an MS-SQL (Microsoft SQL) honeypot highlighted the sophisticated strategies used by cybercriminals who rely on the Mallox ransomware (also known as Fargo, TargetCompany, Mawahelper, etc.).
The honeypot, set up by the Sekoia researchers, was targeted by an intrusion set employing brute-force techniques to deploy the Mallox ransomware via PureCrypter, exploiting multiple MS-SQL vulnerabilities.
Upon analysing Mallox samples, the researchers detected two different affiliates that had different goals: one was more interested in taking advantage of vulnerabilities in the system, while the other sought larger-scale breaches of information systems.
The initial brute-force attack targeted the “sa” account (SQL Administrator) and gained access to the MS-SQL server. The attack was successful within an hour of its deployment. Throughout the monitoring period, the attacker continued brute-forcing, showing an intense effort.
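One way to spot the pattern described above, repeated failed “sa” logins from one client followed by a success, in SQL Server error-log lines. This is an added example, not code from the article or from Sekoia; it assumes login auditing records both failed and successful logins, and the sample lines, addresses, thresholds and function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server ERRORLOG style (not from the article).
FAIL = ("2024-05-01 10:00:{:02d}.10 Logon       Login failed for user 'sa'. Reason: "
        "Password did not match that for the login provided. [CLIENT: 203.0.113.7]")
SAMPLE_LOG = "\n".join(
    [FAIL.format(s) for s in range(0, 60, 10)]  # six failures, 10 seconds apart
    + ["2024-05-01 10:01:05.20 Logon       Login succeeded for user 'sa'. "
       "Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]",
       "2024-05-01 10:02:00.00 Logon       Login failed for user 'sa'. Reason: "
       "Password did not match that for the login provided. [CLIENT: 198.51.100.9]",
       "2024-05-01 10:03:00.00 Logon       Login succeeded for user 'app_reader'. "
       "Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def detect_sa_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag clients with >= threshold failed 'sa' logins inside the window.

    Returns {client: {"first_alert": datetime, "compromised_at": datetime | None}};
    compromised_at is the first successful 'sa' login from a flagged client.
    """
    failures = defaultdict(list)
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"].lower() != "sa":
            continue  # not a logon audit line, or not the 'sa' account
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"]
        if m["result"] == "failed":
            # keep only failures still inside the sliding window, then add this one
            failures[client] = [t for t in failures[client] if ts - t <= window] + [ts]
            if len(failures[client]) >= threshold:
                alerts.setdefault(client, {"first_alert": ts, "compromised_at": None})
        elif client in alerts and alerts[client]["compromised_at"] is None:
            alerts[client]["compromised_at"] = ts  # success after brute force
    return alerts

if __name__ == "__main__":
    for client, info in detect_sa_bruteforce(SAMPLE_LOG).items():
        print(client, info)
```

A non-empty `compromised_at` is the case that warrants immediate response: the guessing stopped being noise and became a working credential.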
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents