Do you rely on Microsoft SQL and MySQL databases? If so, be advised that the cybersecurity firm AhnLab recently published a report about a newly emerging threat.
It seems that hackers are now targeting poorly secured Microsoft SQL and MySQLdatabases with a malware strain known as GhostCringe.
If you’re not familiar with it, GhostCringe is also known as CirenegRAT. It is a variant of the GhostRAT malware made famous by the Chinese government in a series of attacks in 2020, but dating back to 2018.
Of interest, it seems that the threat actors behind the GhostCringe attack aren’t alone. A forensic analysis of compromised servers indicates that several other malware strains were present. That suggests that competing gangs of hackers were all competing to break into the same databases as part of their own campaigns.
As malware strains go, GhostCringe isn’t the worst or most destructive we’ve seen, but it does make rather aggressive use of its keylogging function. So once any passwords you enter on the system have been compromised, they will be fed directly to the hackers who control the code and that could expose you to a whole world of pain.
This is a genuine threat that should be taken seriously. The first step in terms of taking it seriously is to make sure your server software is up to date with the latest security patches applied. In addition to that, please do not make the mistake of either not setting an administrator password or setting one that is weak and easily guessed.
Those are rookie mistakes that are easy to avoid, and you don’t want to be the business owner who lost tens of thousands of dollars to a mistake like that.
Finally, be relentless in terms of monitoring all activity on your server including suspicious “reconnaissance” activity which could be a harbinger of things to come.