Microsoft has issued a warning to businesses about a new wave of brute-force hacks targeting SQL servers that utilise an unusual living-off-the-land code (LOLBin).
To achieve file less persistence on SQL servers with weak or default passwords, the attackers employ a genuine tool called sqlps.exe. According to Microsoft, attackers can use sqlps.exe, a PowerShell wrapper that facilitates the execution of SQL-built cmdlets, to run recon commands and change the SQL service’s start mode to LocalSystem.
Sqlps.exe is also being used in the assaults to establish a new account with sysadmin credentials, which is subsequently used to gain control of the SQL server.
Read More: https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapper
