Microsoft SQL servers hijacked to deliver Cobalt Strike and ransomware

Sead Fadilpašić

4 September 2023 at 11:15 am·2-min read

Unknown threat actors are targeting poorly protected Microsoft SQL servers, in an attempt to infect them with a new strain of ransomware.

A new report from cybersecurity researchers Securonix outlines a campaign in which hackers first try to brute-force their way into MS SQL servers.

When they succeed, they do a number of things, including the deployment of a Cobalt Strike beacon, lateral movement across the target network and endpoints, and ultimately - the deployment of a ransomware strain called FreeWorld.

FreeWorld ransomware

FreeWorld seems to be a variant of a known encryptor called Mimic. While the goal of the campaign is as expected (stealing sensitive data and encrypting the endpoints) the way the hackers use the tools and infrastructure to get there is quite unique. Securonix explained in its writeup, saying: “Some of these tools include enumeration software, RAT payloads, exploitation and credential-stealing software, and finally ransomware payloads."

The success of the campaign depends exclusively on the strength of the password used to protect an MS SQL server, the researchers concluded. "It's important to emphasize the importance of strong passwords, especially on publicly exposed services." After all, it’s the servers with weak passwords that ended up being compromised.

> Citrix servers hacked using zero-day exploit

> Hackers are targeting US critical infrastructure using this Citrix zero-day

> These are the best malware removal tools around

Ransomware is one of the most popular types of cybercrime out there. After a relatively peaceful 2022, this year the number of ransomware attacks skyrocketed, figures from Coveware have shown. At the same time, awareness among potential victims is growing, resulting in fewer organizations paying the ransom demand. The percentage of compromised organizations that ended up paying the ransom demand fell to a record low of 34%, the same source claims.

Those that did pay - ended up paying quite a lot. The average amount surpassed $700,000, up 126% compared to Q1 2023.

Here are the best firewalls to keep your business protected

Via: TheHackerNews

The Telegraph
‘I’ve lost my job and my house, but my wife and I are worth £650m – how can we pay less tax?’
Rishi Sunak, 44, finds himself in a bind. After a highly successful career in the City of London, followed by a brief but eventful spell in politics, he has suffered a serious demotion and been evicted from his home.
Malay Mail
When Ms ‘Malaysia’ visits Malaysia: American tourist gets warm welcome from locals awed by unique name (VIDEO)
KUALA LUMPUR, July 5 — An American tourist decided to visit Malaysia for a special reason: Malaysia also happens to be h...
The Independent
Embattled Biden makes latest gaffe saying he’s the ‘first Black woman to serve with a Black president’
President’s July 4 blunder comes as he desperately tries to claw back confidence among voters and party members after last week’s debate flop
Malay Mail
Police: Man sodomised by foreigner he met in PJ condo gym
PETALING JAYA, July 6 — A local man has alleged he was sodomised against his will by a foreigner he met at the gym of th...
The Guardian
Portugal v France: a galactic battle lost in the black hole of one man’s ego
This Euro 2024 clash could have been an all-time great quarter-final, and instead a part of it was stolen
Reuters
China anchors 'monster ship' in South China Sea, Philippine coast guard says
The Philippine Coast Guard (PCG) said on Saturday that China's largest coastguard vessel has anchored in Manila's exclusive economic zone (EEZ) in the South China Sea, and is meant to intimidate its smaller Asian neighbour. The China coastguard's 165-meter 'monster ship' entered Manila's 200-nautical mile EEZ on July 2, spokesperson for the PCG Jay Tarriela told a news forum. The PCG warned the Chinese vessel it was in the Philippine's EEZ and asked about their intentions, he said.
Malay Mail
Too late to sue me for RM1.6b, Rosmah tells 1MDB, others
KUALA LUMPUR, July 5 — Datin Seri Rosmah Mansor has contended that 1MDB and 10 other entities could no longer sue her fo...
CNN
Opinion: What Britain’s first Asian prime minister meant to my family
The defeat of the Conservative Party in the UK election ends Rishi Sunak’s two-year premiership. Does it also sour the story of Britain’s first Asian prime minister, asks Sunder Katwala.
Malay Mail
PKR-linked think-tank says Sungai Bakap race too close to call
KUALA LUMPUR, July 5 — Pakatan Harapan’s Joohari Ariffin could win the Sungai Bakap by-election in Penang tomorrow if hi...
The Telegraph
Cristiano Ronaldo looks lost as Portugal lose to France in penalty shoot-out at Euro 2024
When it was finally over Cristiano Ronaldo turned away, pulled the captain’s armband from his sleeve and wandered off – if this is not the end for him in international football then he will be in his fifth decade by the time of the next World Cup finals.
Malay Mail
Immigration nabs 75 in Klang Valley prostitution crackdown
KUALA LUMPUR, July 6 — The Immigration Department conducted a crackdown on a foreign prostitution syndicate in the Klang...
ITN
Jeremy Hunt leaves No11 after election defeat
Chancellor Jeremy Hunt has left No 11 with his family after Labour's landslide general election win.
Yahoo News UK
Seven moments over 14 years that destroyed the Conservative government
The Tories have lost the 2024 general election with the worst results in the party's history. Here are the key moments that brought them down.
RFI
Carmakers unhappy after EU hits China with tariffs on electric vehicles
The European Union has slapped extra provisional duties of up to 38 percent on Chinese electric car imports because of "unfair" state subsidies, despite Beijing's warnings the move would unleash a trade war. But company reps in both China and Europe are critical of the steps. Brussels launched an investigation last year into Chinese electric vehicle manufacturers to probe whether state subsidies were unfairly undercutting European automakers.Since announcing the planned tariff hike last month, o
Malay Mail
Big fat weddings off the cards for Malaysian couples as cost of living bites post-pandemic
KUALA LUMPUR, July 6 — Malaysian couples prefer tying the knot in close-knit and moderate wedding ceremonies as cost of...
People
Megan Fox and Machine Gun Kelly Wear Matching All-White Outfits for Rare Date Night at Fourth of July Party
The on-again-off-again couple celebrated the holiday in the Hamptons
The Telegraph
Ukraine goes to war... with Western moneymen
For months, the West’s most respected military experts have been insisting that Vladimir Putin’s war machine is close to running out of steam in Ukraine. However, it is a prediction that seems completely at odds with the reality of life for millions of Ukrainians living close to the frontline.
People
New Royal Ride! Prince William Spotted Zooming Into Windsor Castle on Electric Scooter in Rare Sighting
In a rare royal sighting, the Prince of Wales was seen riding up Windsor Castle on his new mode of transportation
The Guardian
Jude Bellingham fined €30,000 and given suspended one-game ban for gesture
Uefa has found Jude Bellingham guilty of ‘violating the basic rules of decent conduct’ in his goal celebration against Slovakia
INSIDER
Russia is using devastating 'meat assault' attacks to find out where Ukraine's firepower is hidden: report
Russia is throwing troops into high-casualty attacks for marginal tactical gains.

FreeWorld ransomware

Latest stories