MrbMiner: Wreaking havoc on SQL databases

Thousands of Microsoft SQL Servers (MSSQL) have been found to be infected by a new malware gang, which is hacking into the servers and installing a crypto-miner, MrbMiner.

The cybercriminal group is named after one of the domains it uses to host its malware.

The hackers broke in through weak passwords on the SQL Servers and then released the crypto-miner on the target systems.


“MrbMiner mining Trojan will carefully hide itself to avoid being discovered by the administrator,” the company said in a blog post earlier this month.

“The Trojan will monitor the task manager process. When the user starts the ‘task manager’ process to view the system, the mining process will immediately exit and delete related files.”

Researchers discovered mining Trojan files for Linux and ARM-based systems on the FTP (File Transfer Protocol) server of the MrbMiner mining Trojan, and speculate that MrbMiner has cross-platform attack capabilities.

Database security with SQL Server: PAM

As such, organisations can now securely manage, monitor, record and audit database administrators’ access to SQL Server environments. This gives greater control over appropriate privileged user activity and enables users to more quickly and effectively identify suspicious behaviour.

One Identity is the first privileged access management (PAM) vendor to audit SQL Server and Azure SQL Database connections through native client support.

According to the company, database security and securing privileged access in SQL Server environments are more important than ever.

Cyber criminals are looking for access to privileged or administrative accounts because once inside they can gain access to an organisation’s most sensitive data and systems.

One Identity states that thousands of organisations worldwide rely on SQL Server databases to store highly sensitive information, from core business software to customer and employee information, making administrative access protections critical.

The company states that if a database administrator’s credentials and access are not properly managed and monitored, sensitive data within the database, as well as within other systems, could be exposed.

“Key to protecting these assets is ensuring that database administrator access and activity is fully monitored and managed in order to quickly identify suspicious commands and potential security threats.”

One Identity launched native support for recording SQL Server and Azure SQL Database sessions in Safeguard to help organisations increase database security to protect their most sensitive and valuable information.

As for securing privileged access, One Identity states its Safeguard solution makes administrative access to SQL Server and Azure SQL Database fully managed, controlled and audited.

The integrated solution includes a secured and hardened password vault, real-time session monitoring and recording, and privileged behavior analytics.

These features are designed to mitigate threats while providing database administrators with the access they need to complete their job functions, the company states.

Security of SQL Server environments can be further improved with two-factor authentication solutions, integration with third-party authentication and authorization systems through plugins, or storing SQL passwords in the vault, according to One Identity.

Safeguard also features integrations with backend user management systems, such as Microsoft Active Directory or LDAP, with policy-based access enforcement and credential management.

Session monitoring and recording gives organisations real-time and historic visibility into the data and systems that database administrators access.

Audited sessions are encrypted, timestamped and stored in a trail file for tamper-proof evidence of actions taken throughout each session. Organisations can also execute commands, such as initiating security alerts, in near real-time when a risky command is observed.

Additionally, Safeguard serves as a proxy that inspects application-level protocol traffic and can reject any traffic that violates that protocol.

This ensures organisations can leverage their existing database tools and processes to access SQL environments, eliminating the need to increase security or change the way users gain access to SQL environments.

Microsoft Azure Marketing senior director Wisam Hirzalla says, “Due to the critical data stored in SQL environments both on-premises and in the cloud, ensuring only authorised users get access is critical to data protection.

“One Identity Safeguard’s monitoring capabilities work natively with both SQL Server on-premises and Azure SQL Database to ensure only authorised users gain access.”