Coping with the Danger of Malware to Your SQL Servers

by Oct 31, 2019

Many responsibilities go along with being a DBA in an SQL Server environment. Keeping the systems performing optimally for end-users is an important task, as is making sure the databases are properly backed up regularly. Installing system updates and fine-tuning SQL queries are other duties that fill the work hours of a DBA. Perhaps the most critical aspect of a DBA’s role is to protect and ensure the security of the information stored in their databases.

A major impediment to the goal of securing SQL Server databases is the introduction of malware into the system. Malware, or malicious software, is any program whose purpose is to damage a computer system or perform unauthorized actions on it. As a DBA, the last thing you want to have to deal with is recovering from a malware intrusion.

Types of Malware

Several types of malware may affect your SQL Servers, and they go about compromising your systems in different ways. Each type has characteristics that differentiate it from the other members of the malware family. Here are the most common types.

  • Viruses attach themselves to files or other programs and spread when the infected host is executed; unlike worms, they need a program or a user to run them.

  • Worms are self-replicating and spread across networks without human interaction or further direction from their creators.

  • Adware tracks a user’s web activity in order to feed information to marketers, and lures unsuspecting individuals into clicking on potentially dangerous links.

  • Trojan horses masquerade as legitimate programs in order to gain access to the system. Once installed and activated, they perform the malicious activities for which they were developed.

  • Spyware surreptitiously collects data about a user’s computer activities and may send that information to third parties with malicious intent.

  • Ransomware is a relatively recent addition to the family and one of the most damaging. It encrypts the data of the affected system and demands a ransom before decrypting it. Ransomware attacks are especially prevalent in the healthcare industry, where sensitive personal information about patients is often the target.

New Malware Strains and Delivery Methods

As if the array of malware that can infect your systems were not enough to worry about, attackers continually refine their destructive programs and the ways in which they are delivered. This makes it challenging for security professionals to keep their detection tools up to date, and makes it imperative that IT teams do not let their guard down. Here are two recent developments in the world of malware that are directly relevant to SQL Server administrators.

MnuBot, a banking trojan discovered in early 2018, executes a two-stage attack on infected machines. Its relevance to DBAs is that it uses a Microsoft SQL Server database as its command-and-control server: the first stage connects to that database to fetch its configuration and commands, and creates a new, hidden desktop from which to launch stage two. The second stage tricks users into revealing sensitive banking data, with the goal of opening sessions to financial websites on behalf of the affected user.

More recently, in October 2019, the “skip-2.0” backdoor was discovered. It specifically targets SQL Server versions 11 and 12 (SQL Server 2012 and 2014). It hooks the server’s authentication and logging functions so that a “magic” password logs the intruder in as any existing account, while the audit and event-logging functions are disabled for that session, hiding the evidence of its presence. Once connected, the intruder can copy, modify or delete the contents of any database. skip-2.0 is a post-exploitation tool: installing it requires administrative privileges on the host, so it relies on a system that is already compromised. What it adds is persistent, stealthy access rather than the initial foothold, which is why controlling who holds administrative rights on your SQL Servers matters so much.
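As an added example (it is not from the original article or from the published analysis of skip-2.0), the following T-SQL gathers the evidence a DBA would want when checking an instance for this kind of tampering: the product version, whether a server audit is defined and actually running, the login audit level, and which non-Microsoft modules are loaded into the SQL Server process. It assumes a sysadmin connection. The vendor filter in the last query is a heuristic, not a signature: antivirus and driver DLLs legitimately appear there, so compare the result against a known-good baseline from a clean instance.

```sql
-- Added example: native T-SQL checks for an instance suspected of audit tampering.
-- Not part of the original article. Assumes a sysadmin connection to the instance.

-- 1. Product version. skip-2.0 was reported against 11.x (SQL Server 2012) and 12.x (2014);
--    an unpatched instance on either branch is the population it was built for.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS product_level,
       SERVERPROPERTY('Edition')        AS edition;

-- 2. Is any server audit defined, and is it actually collecting?
--    An empty result means no auditing at all. is_state_enabled = 0 or a
--    status_desc other than 'STARTED' means an audit exists on paper but is not running.
SELECT a.name,
       a.is_state_enabled,
       s.status_desc,
       s.status_time,
       s.audit_file_path
FROM sys.server_audits AS a
LEFT JOIN sys.dm_server_audit_status AS s ON s.audit_id = a.audit_id;

-- 3. Login auditing level written to the SQL Server error log / Windows Application log.
--    Expect 'all' (or at least 'failure'); 'none' means failed logins leave no trace.
EXEC master.dbo.xp_loginconfig 'audit level';

-- 4. Modules loaded into sqlservr.exe that do not carry a Microsoft vendor string.
--    skip-2.0 is loaded as a DLL into the SQL Server process, so a module with a blank or
--    unfamiliar company/description, or a path outside the SQL Server binn directory,
--    is worth pulling for inspection. Baseline this against a clean instance first.
SELECT name          AS module_path,
       company,
       description,
       file_version,
       product_version
FROM sys.dm_os_loaded_modules
WHERE company IS NULL
   OR company NOT LIKE 'Microsoft%'
ORDER BY name;
```

Run the four queries from a host you trust, not only from the instance itself: if the backdoor is active, an attacker using the magic password can already read the same views. Unexpected rows from query 4 should be handled as a forensic artifact (hash the file, check its signature and creation time on disk) rather than simply deleted.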

You can be sure that new threats are being developed as you read this. Your best defense against current and future attacks on the SQL Servers you support is to keep them patched and to maintain the highest level of security you can, so as to minimize the chances of unauthorized access or compromised user accounts.

Security Tools Can Minimize the Risks

Keeping your SQL Servers free of malware requires diligence and the use of the right security tools. IDERA’s SQL Secure gives a database team the capability to fully control SQL Server permissions. Because post-exploitation malware such as skip-2.0 depends on an intruder already holding administrative rights, locking down who has those rights on your systems substantially reduces the chance of such an attack succeeding.

SQL Secure enables you to perform a complete analysis of the security configuration of your SQL Server instances: investigate the permissions assigned to database role members, and run weak-password detection against SQL logins. The tool’s reporting capabilities help you keep on top of changes and ensure that there are no issues, such as elevated permissions or other security concerns, that might put your systems at risk. It is a practical way to address the dangers of malware infecting your SQL Servers.
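The same three checks the article names (who holds elevated server-level rights, which logins carry sysadmin-equivalent grants, and which SQL logins have weak passwords) can be run with native T-SQL on any instance. The script below is an added example and is not part of the original article or of IDERA’s product; it assumes a sysadmin connection, and the candidate password list is constructed for illustration and should be replaced with a real wordlist.

```sql
-- Added example: native T-SQL privilege and weak-password audit.
-- Not part of the original article or of SQL Secure. Assumes a sysadmin connection;
-- PWDCOMPARE() needs CONTROL SERVER to read sys.sql_logins.password_hash.

-- 1. Members of the two fixed server roles that confer full control.
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin')
ORDER BY r.name, m.name;

-- 2. Explicit grants that are sysadmin-equivalent without role membership.
--    IMPERSONATE ANY LOGIN exists from SQL Server 2014 onward.
SELECT p.name,
       sp.permission_name,
       sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name IN ('CONTROL SERVER', 'IMPERSONATE ANY LOGIN');

-- 3. The built-in sa login (sid 0x01) should be disabled or renamed.
SELECT name, is_disabled
FROM sys.server_principals
WHERE sid = 0x01;

-- 4. SQL logins whose password equals a wordlist entry or their own login name.
--    PWDCOMPARE() hashes the candidate with the stored salt, so no plaintext
--    is recovered and the check runs entirely inside the engine.
--    The candidate list below is a constructed sample, not a real wordlist.
DECLARE @candidates TABLE (pwd nvarchar(128) NOT NULL);
INSERT INTO @candidates (pwd)
VALUES (N''), (N'password'), (N'Password1'), (N'sa'), (N'admin'), (N'123456');

SELECT l.name,
       c.pwd AS matched_password,
       l.is_policy_checked,
       l.is_expiration_checked,
       l.is_disabled
FROM sys.sql_logins AS l
CROSS JOIN @candidates AS c
WHERE PWDCOMPARE(c.pwd, l.password_hash) = 1
UNION ALL
SELECT l.name,
       l.name,
       l.is_policy_checked,
       l.is_expiration_checked,
       l.is_disabled
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(l.name, l.password_hash) = 1
ORDER BY name;
```

Any row returned by query 4 is an account an attacker can take over by guessing; any row where is_policy_checked = 0 is a login that Windows password policy is not protecting at all, whether or not its current password happens to be in the list. Treat the output of queries 1 and 2 as the list of accounts that, if phished or brute-forced, would give an intruder the administrative access that post-exploitation tools such as skip-2.0 require.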