Hackers are using vulnerable Microsoft SQL Servers to attack Azure VMs, according to Microsoft security researchers.
According to BleepingComputer, Microsoft’s researchers report that hackers are using Microsoft SQL Servers that are vulnerable to SQL injection, a common vulnerability that often goes unpatched. The outlet described the attack chain:
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target’s environment.
This enables the threat actors to gain access to the SQL Server instance hosted on an Azure Virtual Machine with elevated permissions to execute SQL commands and extract valuable data.
This includes data on databases, table names, schemas, database versions, network configuration, and read/write/delete permissions.
BleepingComputer says Microsoft recommends using Defender for Cloud and Defender for Endpoint to head off the attack by catching the SQL injection attempts.