Hackers Using Vulnerable SQL Servers to Target Microsoft Azure

Hackers are using vulnerable Microsoft SQL Servers to attack Azure VMs, according to Microsoft security researchers.
Hackers Using Vulnerable SQL Servers to Target Microsoft Azure
Written by WebProNews

Hackers are using vulnerable Microsoft SQL Servers to attack Azure VMs, according to Microsoft security researchers.

According to BleepingComputer, Microsoft’s researchers report that hackers are using Microsoft SQL Servers that are vulnerable to SQL injections, a common vulnerability that often goes unpatched. The outlet described the attack chain:

The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target’s environment.

This enables the threat actors to gain access to the SQL Server instance hosted on Azure Virtual Machine with elevated permissions to execute SQL commands and extract valuable data.

This includes data on databases, table names, schemas, database versions, network configuration, and read/write/delete permissions.

BleepingComputer says Microsoft recommends using Defender for Cloud and Defender for Endpoint to head off the attack by catching the SQL injection attempts.

Subscribe for Updates

CloudPlatformPro Newsletter

The CloudPlatformPro Email Newsletter is the go-to resource for IT and cloud professionals. Perfect for tech leaders driving cloud adoption and digital transformation.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.
Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us