Guardicore Labs: the Vollgar botnet attacks Microsoft SQL servers for hidden cryptocurrency mining.

Guardicore Labs, a cybersecurity research firm, has reported on the Vollgar botnet, which attacks Microsoft SQL database servers to mine Vollar and XMR covertly.

According to Guardicore Labs, over the past few weeks the attackers have managed to infect about 2,000-3,000 servers every day. The attack begins with brute-forcing passwords on poorly protected servers. Once inside, the attackers reconfigure the system so that they can run the commands they need and install mining malware.
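The brute-force stage described above leaves a trail in the SQL Server error log: each rejected login is written as an `Error: 18456` record followed by a `Login failed for user '...'` line that ends with the client address. The following script is an added example, not Guardicore's GitHub check script and not code from the report. It parses lines in the ERRORLOG layout, groups failed logins by client address and flags any address that produces a burst of failures within a short window. The log lines, addresses, user names and timestamps are constructed for the example, and the threshold and window size are assumptions to tune for your own environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout SQL Server uses for its ERRORLOG
# (timestamp, source, message). Addresses, times and user names are made up.
SAMPLE_ERRORLOG = """\
2020-04-01 10:14:00.00 spid12s     Starting up database 'tempdb'.
2020-04-01 10:15:01.12 Logon       Error: 18456, Severity: 14, State: 8.
2020-04-01 10:15:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:15:01.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:15:02.05 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:15:03.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:15:04.20 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:15:05.33 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:15:06.01 Logon       Login failed for user 'admin'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:20:33.00 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.55]
"""

# Matches the "Login failed" line; the preceding "Error: 18456" line carries
# no client address, so it is deliberately ignored.
LOGIN_FAILED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']+)'.*\[CLIENT: (?P<ip>[^\]]+)\]"
)


def parse_failed_logins(errorlog_text):
    """Return a list of (timestamp, user, client_ip) for every failed login."""
    events = []
    for line in errorlog_text.splitlines():
        m = LOGIN_FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group("user"), m.group("ip")))
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Flag client addresses with at least `threshold` failures inside any
    sliding `window`. Threshold and window are assumed values; tune them to
    the normal failure rate of the server being monitored."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start, peak = 0, 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits within `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {
                "attempts": len(attempts),
                "peak_in_window": peak,
                "users": sorted({user for _, user in attempts}),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforce_sources(parse_failed_logins(SAMPLE_ERRORLOG)).items():
        print(f"{ip}: {info['attempts']} failures, peak {info['peak_in_window']} "
              f"in one window, logins tried: {', '.join(info['users'])}")
```

Running it against the constructed log flags only the address that hammered the `sa` login in a few seconds; the single failure from the second address stays below the threshold. In production the same logic would read the live ERRORLOG (or the equivalent audit events) and feed a SIEM rule; the cheapest mitigation the report points to, strong passwords on every SQL login, is what turns such bursts into noise rather than a compromise.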

The Vollgar botnet has already affected organizations in health, education, aviation, IT and telecommunications. The botnet is mainly focused on China, India, South Korea, Turkey and the United States. Guardicore Labs found out that the hackers' command server is located in China, but paradoxically, the server itself has been repeatedly attacked.

Guardicore Labs reported that among the files on the command server was a tool for attacking MS-SQL, which was used to scan IP address ranges, brute-force passwords and execute commands remotely.

In addition, two Chinese-language programs for changing file hash values were found, along with a portable HTTP file server, an FTP server and a copy of the mstsc.exe client (Microsoft Terminal Services Client) used to connect to victims over the Remote Desktop Protocol (RDP).

Guardicore Labs noted that hackers target Microsoft SQL database servers because of their high performance and ability to store large amounts of data. These servers can contain sensitive information, including user names, passwords and credit card details, and that information can be obtained by hackers through a simple brute-force attack.

To protect against hacking, Guardicore Labs recommends that server administrators use strong, complex passwords. The company has also published a script on GitHub so that organizations that may be potential victims of the Vollgar botnet can check whether their systems have been compromised by it.

Last year, a botnet run by the Outlaw hacker group was discovered distributing malware for XMR mining. Botnets are also often used to send extortion emails demanding a cryptocurrency ransom in exchange for not releasing compromising information.
