Why Should You Care About Crypto Mining on Your SQL Servers?

by Feb 16, 2021

Many different types of malware are floating around out there. Some of the variants are purely destructive and are designed to simply delete data. This type of malware is often sent out randomly by societally-challenged hackers who thrive on causing trouble anonymously. All computer systems should be protected by antivirus software to help prevent infection with this kind of dangerous malware.

While causing havoc may be enough for some hackers, others have found more lucrative ways to practice their craft. A glance at any IT security news source is likely to present new instances of ransomware, a particularly nasty type of malware favored by organized gangs of cybercriminals. In this type of attack, a system’s data is encrypted and made unavailable to its owners until a financial ransom is paid to the perpetrators.

Enterprise computing environments offer attractive targets for criminals wielding ransomware weapons. Finding important systems to infect increase the chances that the victims will pay the ransom to quickly regain access to their data. In recent months, the healthcare industry has been particularly hard hit by ransomware, further complicating the efforts to combat the coronavirus pandemic. 

One can reasonably compare a ransomware attack to armed robbery. There is no attempt to hide the fact that computing systems have been compromised. A successful ransomware attack requires the victim to be aware of the seriousness of the intrusion so they are willing to pay the ransom. It can’t be done quietly, which risks exposing the cybercriminals to legal repercussions.

A more subtle method of using malware for financial gain is hijacking computing systems for mining cryptocurrency such as Bitcoin. While mining for cryptocurrency in itself is a harmless activity, it is very resource-intensive. Complex mathematical calculations related to the blockchain are required to harvest Bitcoins or other forms of cryptocurrency.

In a sense, crypto mining creates value from thin air. Simply performing a bunch of intensive mathematical calculations ends up producing cyber currency that has real value. The problem is that it takes a lot of processing power to mine productively. This is where cybercriminals come in as they search for ways to increase their take from crypto mining. 

Targeted Crypto Mining

SQL Servers make inviting targets for illicit crypto mining. They are often well-provisioned with the kind of memory and processing power that miners like to see. Identifying a SQL Server system available for infection leads to some happy cybercriminals. Specifically going after database servers has become increasingly popular among underground crypto miners.

An extensive campaign called MrbMiner was discovered in September 2020 that downloaded crypto mining software on thousands of SQL Servers. The most common method of intrusion was compromising weakly protected administrator accounts. Once access had been obtained, crypto mining tools were installed, leading to degraded server performance. 

Why it Matters

The first and most obvious problem with allowing crypto mining processes to run on your SQL Servers is that their performance will be degraded. The CPU cycles and memory used by the crypto miners will reduce the resources available for database activity and will slow it down. The performance issues caused by crypto mining can also result in a lot of wasted time as DBAs struggle to identify the hidden source of the problem.

Another reason that having your SQL Servers crypto mined should alarm you is it indicates your systems have been accessed by malicious actors. Whether the intrusion is perpetrated by internal or external forces, nothing stops them from ratcheting up the stakes by stealing sensitive data or planting ransomware. Cybercriminals with the ability to deliver crypto-mining tools to your environment may also have other ideas in mind.

Protecting Your SQL Servers 

The first step in infecting a SQL Server with crypto mining malware is to gain access to the system. SQL Server DBAs tasked with protecting enterprise databases need to know who is accessing their systems and what activities they are performing. SQL Secure provides them with a tool to help even the playing field when faced with cybercriminals determined to compromise their systems.

With SQL Secure, DBAs can analyze users’ effective rights, identify surface areas prone to attack, and view server security properties. They can analyze the security of the operating systems hosting SQL Server instances and detect weak passwords that may leave the doors open for hackers. Predefined policy templates provide teams with realistic guidelines for protecting SQL Servers from unauthorized intrusion. 

Powerful reporting capabilities let you view security scorecards to quickly identify instances that need review. Custom reports can be generated for security audits and used as compliance evidence. All physical, visual, and cloud SQL Server instances in the environment can have security managed from a central console. Security data is stored in a centralized repository for use in reporting and analysis.

You should be concerned about crypto miners accessing your SQL Servers for the performance degradation and potential extracurricular activities they can engage in once successfully accessing the systems. It takes a concerted effort to protect enterprise SQL Server resources and SQL Secure will assist in hardening your SQL Server environment.