Brute-force credential guessing attacks against database servers are ramping up with MSSQL being at the top of the target list. That’s because attackers can leverage the many extensibility features that Microsoft’s database server provides to integrate with other Windows components and features to elevate their privileges and gain full control of the underlying servers.
Last week, researchers from security firm Trustwave released data collected over four months from their global honeypot project, a network of sensors distributed around the world to mimic vulnerable systems and record information about attacks. In this exercise, the honeypots were configured to act as popular database management systems (DBMS) running on their default ports: MS SQL Server (MSSQL), MySQL, Redis, MongoDB, PostgreSQL, Oracle DB, IBM DB2, Cassandra and Couchbase.