For organizations leveraging SQL Server databases, SQL Server security and understanding how to protect SQL Server databases is a fundamental capability.
There is no denying that security is of the utmost concern across the information technology (IT) field these days. The prevalence of data breaches, ransomware attacks, and other forms of cybercrime makes it imperative that organizations take every possible precaution to protect SQL Server databases.
Robust SQL Server security demands a multi-faceted approach that emphasizes protecting systems from unauthorized use and implementing a reliable backup and recovery methodology.
Despite the best efforts designed to eliminate the presence of unwelcome visitors, the possibility always exists that systems can be compromised. In those cases, the most effective remedy may be to restore the systems using a recent backup.
The Real and Diverse Risks to SQL Server Databases
An organization’s databases contain the information that makes up its most valuable resources. As with many things of value, the data’s worth attracts criminals intent on using the assets for nefarious purposes.
Cybercriminals may want to use stolen data like credit card numbers directly for financial gain. The current scourge of ransomware demonstrates the lengths to which malicious criminals will go in their quest for illicit gains.
Recent SQL Server Malware
Some fairly recent examples of targeted attacks on SQL Servers serve to illustrate the dangers faced by companies every day:
MrbMiner
This malware variant installs cryptomining software in compromised SQL Servers. While cryptomining in itself is not destructive, the malware steals the system resources of infected servers to perform the intensive calculations required to mine cryptocurrency.
This can lead to performance problems as well as issues such as overheating affecting hardware components.
Hackers gained entry to the SQL Servers using a brute-force attack focused on the presence of weak passwords. The use of weak passwords is a problem throughout the IT industry and often provides the access hackers need to launch their attacks.
Vollgar
This hacking campaign also used weak passwords to infect SQL Servers with malware and cryptomining code. After gaining entry to the machines, hackers installed multiple backdoors capable of executing all types of malicious software including cryptomining and remote access tools.
Some victims were reinfected after the software was removed due to the absence of root cause analysis to address the vulnerabilities identified by the hackers.
The Winnti Group
A Chinese-backed team of hackers named the Winnti Group is being blamed for malware used to persist on Microsoft SQL Server (MSSQL) systems.
The group installs a malicious tool called skip-2.0 tool that allows attackers to connect to any database account using what is termed a “Magic Password.”
The malware covers its tracks and attempts to keep all signs of its activity from appearing in system security logs. This malware can remain hidden on a system and used at any time by hackers to cause damage or compromise data.
An intrusion that delivers any type of malware can be used to implant ransomware or other malicious programs. Companies need to try to keep the doors of their SQL Server locked tightly to avoid uninvited guests.
Defending Enterprise SQL Servers
The two main components required to protect against cybercriminals are controlling access to enterprise databases and ensuring reliable backups are created regularly.
Protecting an organization’s SQL Servers from unauthorized access is the first line of defense. This includes keeping hackers from outside the organization away from the systems as well as maintaining tight control over internal actors.
Visibility into which employees have access and what information they can touch is a critically important part of securing enterprise data resources. Unfortunately, a growing number of data breaches are initiated by malicious insiders, making it substantially more difficult to lock down IT resources.
No defense is perfect, and in the current environment of widespread ransomware attacks, a single instance of unauthorized access can be devastating. A viable defense against ransomware and other malicious malware is to always have recent backups available to restore all production SQL Server databases.
Backups should not exist in a vacuum and need to be used according to a well-crafted disaster recovery plan. The plan needs to consider items like the recovery time objective (RTO) and recovery point objective (RPO) required to keep the business operational.
Watch: Creating a Disaster Recovery Plan
Two Tools for Providing Enhanced Database Protection
IDERA’s dedicated SQL Server database tools address SQL Server security. Two tools specifically provide the means with which to enforce strong access controls and maintain the backups required to restore systems quickly.
SQL Secure gives database teams visibility into who can do what, where, and how on enterprise SQL Server databases. The tool is an automated solution for analyzing, monitoring, and reporting on security access rights for SQL Servers.
Teams can analyze effective rights, assess the security of the underlying operating system, and generate security scorecards for all monitored SQL Server instances. A feature that speaks directly to the brute-force attacks mentioned previously is the ability to detect and report on weak or missing passwords.
SQL Safe Backup handles the second part of protecting the SQL Server environment. This backup and recovery solution reduces SQL Server backup and recovery time, minimizes storage requirements, and enables teams to backup a large number of SQL Servers simultaneously.
The tool offers multiple recovery modes including restoring databases immediately by streaming data from backup files to address on-demand user requests while restoring the complete system in the background. This feature can be instrumental in quickly resolving the impact of a ransomware attack and keeping the business running.