Security researchers have detected a botnet that targeted PostgreSQL databases. Researchers at Unit 42 of Palo Alto Networks said that the botnet works by deploying brute-force attacks on internet-accessible PostgreSQL databases. The botnet picks up a public network range at random and then repeats all IP addresses as part of the range and searches for systems with the PostgreSQL port exposed on the Internet.
Read More: Monitoring Behavioral Patterns to Combat Fraud and Mitigate Risk
Suppose the miner detects an active PostgreSQL system, the botnet shifts from the scanning position to the brute-force phase. There it shuffles across a long password list in the attempt to potentially guess the “postgres” credentials for default PostgreSQL ID and account.
Source: zdnet