Database administrators urged to tighten security against RAT

Microsoft SQL and MySQL databases directors are becoming warned to lock down their servers following protection scientists found out a marketing campaign to infect them with a remote access trojan (RAT).

The discovery was made by South Korea-primarily based Ahn Lab, which mentioned in a blog this 7 days that unnamed threat actors are getting advantage of databases with weak qualifications to install the Gh0stCringe RAT.

Also identified as CirenegRAT, it is just one of the malware variants dependent on the code of Gh0st RAT, which was 1st discovered in December 2018, claims the weblog, and it is regarded to have been distributed by means of a vulnerability in Microsoft Server Messaging Block (SMB).

Gh0stCringe RAT is a distant entry trojan that connects to an attacker’s command and control server, the website says. The attacker can designate a variety of jobs for Gh0stCringe, as they can with other RAT malware. These consist of the potential to copy alone to certain paths in Home windows, convert on a keylogger, assess Home windows procedures and down load further payloads.

“Considering the reality that MySQL servers are targets of assault in addition to MS-SQL servers, it can be assumed that Gh0stCringe targets inadequately-managed DB servers with vulnerable account credentials,” say the scientists.

The logs of systems with Gh0stCringe installed show a history of an infection from malware these as Vollgar CoinMiner that are distributed by means of brute pressure assaults, increase the scientists.

Directors ought to use passwords that are tricky to guess for their accounts and improve them periodically to defend the database server from brute pressure attacks and dictionary attacks, says the blog site. They should also implement the most recent patches to protect against vulnerability attacks. If a database server desires internet access, it must be protected by a firewall.