Attacks using Microsoft SQL Server increased 56% YoY in September 2022

Number of attacked MS SQL Servers.

Attacks using Microsoft SQL Server increased by 56% in September 2022 compared to the same period last year. Perpetrators are still using a common attack employing SQL Server to attempt to gain access to corporate infrastructures. The technical details of one of these incidents were analysed in Kaspersky’s new Managed Detection and Response report.

Microsoft SQL Server is used worldwide by corporations, medium and small businesses for database management. Kaspersky researchers found an increase in attacks that utilise Microsoft SQL Server’s processes. In September 2022, the number of SQL servers hit amounted to more than 3,000 units, growing by 56% compared to the same period last year. These attacks were successfully detected by Kaspersky Endpoint Security for Business and Managed Detection and Response.

The number of these attacks has been increasing gradually over the past year and has stayed above 3,000 since April 2022, except for a slight decrease in July and August.

In the new report, devoted to the most interesting Managed Detection and Response incidents, Kaspersky experts describe an attack employing Microsoft SQL Server jobs – a sequence of commands executed by the server agent.

SentinelOne, an autonomous cybersecurity platform company, was recognised in the MITRE Engenuity ATT&CK Evaluation for Managed Services for its Vigilance MDR. This achievement follows three consecutive years of top performance in MITRE ATT&CK Enterprise Evaluations and MITRE ATT&CK Deception evaluation. SentinelOne is the only XDR vendor to participate in every MITRE evaluation spanning EDR, Identity, Deception, and now MDR – and consistently deliver top results. Integrated within Singularity XDR, SentinelOne is fully committed to MITRE’s frameworks as the de facto language of cybersecurity, supporting organisations in programmatic risk reduction.

The MITRE Engenuity ATT&CK Evaluation for Managed Services evaluated vendors’ ability to analyse and describe adversary behaviour from OilRig, also known as APT 34. The evaluation highlighted the importance of MDR services in providing faster threat mitigation to reduce attacker dwell time, showcasing SentinelOne Vigilance MDR’s:

SentinelOne Vigilance was able to not only correctly attribute the attack to OilRig, but provide additional insight including a summary of the adversary and the group’s evolution over time, commonly exploited tools by the adversary, and all of their known associated TTPs. With a frictionless MDR and DFIR experience, SentinelOne Vigilance seamlessly provided insight into the “how” and the “why” – including malware and data exfiltration technique analysis and reverse engineering of malware samples – to significantly accelerate overall investigation and response.

SentinelOne Vigilance accurately tracked and detected – using patented Storyline technology – the adversary from the moment they infiltrated the simulated environment. With protection policies enabled, this attack would have been autonomously stopped in its tracks.

Earlier this year, SentinelOne received the most comprehensive MITRE ATT&CK analytic coverage in the inaugural MITRE Engenuity ATT&CK Deception Evaluation. SentinelOne was one of the first endpoint companies to correlate alerts in-product with the MITRE ATT&CK framework, embrace the MITRE ATT&CK Endpoint Protection Product Evaluation, and incorporate the MITRE ATT&CK framework as the new threat hunting standard within Singularity XDR’s console.
