Beware! Cyber Attacks Attempt To Breach Cloud Via SQL Server Instance
Microsoft recently reported a new campaign in which attackers tried to move laterally to a cloud environment through a SQL Server instance, and is warning organizations to watch for such attacks. The attackers exploited a SQL injection vulnerability in an application within the target's environment. This gave them access and elevated permissions on a Microsoft SQL Server instance deployed in an Azure Virtual Machine (VM). They then used these permissions to attempt to move laterally to additional cloud resources by manipulating the server's cloud identity.
Microsoft Warns Of Cyber Attacks Attempting To Breach Cloud
Reports say that, through this identity, attackers may hold elevated permissions to carry out various malicious actions on the cloud resources the identity has access to. Microsoft has so far found no evidence that the attackers successfully moved laterally to cloud resources using this SQL Server instance technique.
Cloud services like Azure usually use managed identities to assign identities to different cloud resources. These identities are also used to authenticate with other cloud resources and services. The attack chain began with a SQL injection against the database server, which allowed the adversary to run queries to gather data about the host, databases, and network configuration. The attackers also used a publicly accessible tool called webhook[.]site to stay under the radar, as outgoing traffic to the service is considered legitimate and unlikely to be flagged.
The major goal of the operation seems to have been to manipulate the token to perform various operations on cloud resources, including lateral movement across the cloud environment. However, the attempt ended in failure due to an unspecified error.
According to the researchers, SQL Server instances and cloud resources can be exposed to similar risks if cloud identities are not properly secured. A poorly secured identity gives attackers an opportunity to have a greater impact not only on the SQL Server instances but also on the linked cloud resources.
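As an added example (not from Microsoft's report or this article), the Python below flags egress-log entries in which a SQL Server host contacts webhook[.]site, the outbound channel described above. The log format, host names, inventory set and sample lines are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicator named in the article, kept defanged and re-fanged when used.
WATCHED_DOMAINS = {"webhook[.]site"}

# Constructed inventory of hosts that run SQL Server (assumption).
SQL_SERVER_HOSTS = {"sqlvm-01", "sqlvm-02"}

# Constructed egress-proxy log: time, source host, process, URL, bytes sent.
SAMPLE_LOG = """\
2023-01-01T10:02:11Z sqlvm-01 sqlservr.exe https://webhook.site/constructed-id 48211
2023-01-01T10:02:15Z sqlvm-01 sqlservr.exe https://notwebhook.site/x 120
2023-01-01T10:03:40Z sqlvm-02 powershell.exe https://abc.webhook.site/y 900
2023-01-01T10:04:02Z web-07 chrome.exe https://webhook.site/dev-test 300
2023-01-01T10:05:19Z sqlvm-02 sqlservr.exe https://webhook.site.example.net/z 77
malformed line without enough fields
"""

def refang(indicator):
    """Turn a defanged indicator such as webhook[.]site into a plain domain."""
    return indicator.replace("[.]", ".").lower()

def domain_matches(host, watched):
    """True if host is a watched domain or a subdomain of one (no substring matches)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def find_suspicious_egress(log_text, watched=WATCHED_DOMAINS, db_hosts=SQL_SERVER_HOSTS):
    """Return entries where a database host sends traffic to a watched domain."""
    watched = {refang(d) for d in watched}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not fit the assumed format
        ts, src, proc, url, sent = parts
        host = urlsplit(url).hostname or ""
        # A database server has little reason to call a request-capture service.
        if src in db_hosts and domain_matches(host, watched):
            hits.append({"time": ts, "src": src, "process": proc,
                         "dest": host, "bytes_out": int(sent)})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_egress(SAMPLE_LOG):
        print(hit)
```

Matching on the parsed hostname rather than the raw URL string avoids false hits on look-alike names, and scoping the rule to database hosts keeps developer use of the service elsewhere from drowning the alert.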