Hackers are spreading a secret backdoor on various Microsoft SQL servers

Hackers are distributing malware to thousands of Microsoft SQL servers.

Named "Vollgar", the attack uses password brute-forcing to breach Internet-exposed Microsoft SQL servers that have weak credentials. Hackers have successfully infected 2000-3000 database servers daily, and the victims mostly belong to the healthcare, aviation, IT and telecommunication, and educational sectors.

Vollgar brute-forces the passwords of MS-SQL servers. Once logged in, the attacker makes a number of configuration changes that allow malicious MS-SQL commands to run and malware binaries to be downloaded. The attackers also validate that certain COM classes are available which support both WMI scripting and command execution through MS-SQL; these are later used to download the initial malware binary.

Upon completion of the initial setup, the attack proceeds to create downloader scripts, which are executed multiple times, each time with a different target location on the local file system to avert possible failures.

Vollgar downloads various malware backdoors, which can be used to deploy other malware, including malicious remote access tools and cryptominers. NPAV recommends using proper security measures to protect your servers and using proper passwords as your login credentials.
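The sequence described above (a run of failed logins, a successful login, then configuration changes) can be searched for in the SQL Server error log. The following is an added example, not code from the original article. It assumes that successful-login auditing is enabled on the server, and the option names, thresholds and log lines are chosen or constructed for illustration, since the article does not name the options that were changed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SQL Server ERRORLOG lines (sample data, not from a real incident).
FAIL_LINE = ("2020-01-01 03:00:{:02d}.10 Logon       Login failed for user 'sa'. Reason: "
             "Password did not match that for the login provided. [CLIENT: 203.0.113.7]")
SAMPLE_LOG = "\n".join([FAIL_LINE.format(s) for s in range(1, 7)] + [
    "2020-01-01 03:00:09.40 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]",
    "2020-01-01 03:00:11.02 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.",
    "2020-01-01 03:00:11.30 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.",
    "2020-01-01 03:00:11.55 spid55      Configuration option 'Ole Automation Procedures' changed from 0 to 1. Run the RECONFIGURE statement to install.",
    "2020-01-01 09:15:00.00 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]",
    "2020-01-01 09:15:20.00 Logon       Login succeeded for user 'app'. Connection made using SQL Server authentication. [CLIENT: 198.51.100.20]",
])

# Assumption: the article does not name the changed options. These two are
# SQL Server settings that enable OS command execution and COM automation.
RISKY_OPTIONS = {"xp_cmdshell", "Ole Automation Procedures"}

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+\s+(.*)$")
FAILED = re.compile(r"Login failed for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
SUCCEEDED = re.compile(r"Login succeeded for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
CONFIG = re.compile(r"Configuration option '([^']+)' changed from (\d+) to (\d+)")

def detect(log_text, min_failures=5, window=timedelta(minutes=10)):
    """Flag clients that log in after >= min_failures failed attempts, and list
    risky options switched on within `window` after that login."""
    failures, findings = defaultdict(int), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines and unrelated text
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if f := FAILED.search(msg):
            failures[f.group(2)] += 1
        elif s := SUCCEEDED.search(msg):
            if failures[s.group(2)] >= min_failures:
                findings.append({"client": s.group(2), "login": s.group(1), "time": ts,
                                 "failed_before": failures[s.group(2)], "options_enabled": []})
            failures[s.group(2)] = 0  # a success resets the failure streak
        elif (c := CONFIG.search(msg)) and c.group(1) in RISKY_OPTIONS and c.group(2) == "0":
            for hit in findings:  # the log line has no client IP, so correlate by time
                if timedelta(0) <= ts - hit["time"] <= window:
                    hit["options_enabled"].append(c.group(1))
    return findings

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

A finding with a non-empty `options_enabled` list is the higher-priority case, because it pairs a guessed password with a change that lets SQL statements run operating-system commands.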

Use NPAV and join us on a mission to secure the cyber world.

 
