New and Persistent Threats to Your SQL Servers

It would be nice if there existed some methodology that enabled DBAs to fully protect their SQL Server environment from hackers, malware, and unauthorized access. Something like a simple script that once executed, ensured that nothing could penetrate your database security. Everyone from the database team to the CIO would sleep much better knowing that the systems were safe and secure.

Unfortunately, no such silver bullet exists. Securing an SQL Server environment is a task that demands constant vigilance and presents new challenges regularly. Letting your guard down and relying on yesterday’s methods may not be enough to protect your databases. This is due to several factors that include:

  • A community of cybercriminals who are dedicated to developing new methods of injecting malware into your environment or compromising data resources;
  • An increase in the number of phishing attacks which is partially spurred on by the continued confusion caused by the COVID-19 pandemic;
  • The introduction of new software that presents entry points into networks and other systems;
  • An evolving user population that introduces a steady stream of new individuals who can pose an insider threat.

A factor that complicates implementing security in a computing environment is the existence of advanced persistent threats that can be present in systems for extended lengths of time before performing their malicious activities. They can be extremely destructive and hard to identify.

What are Advanced Persistent Threats?

An advanced persistent threat (APT) is a cyberattack that employs sophisticated methods to gain unauthorized access to a system or network. Once access is gained, the criminals strive to remain undetected and gather information that can be used for subsequent attacks. The intruders can be in your systems for any amount of time, lying dormant and waiting for the right opportunity to spring into action.

The entities behind APTs are after the same type of financial gain as in other forms of cyberattack. Some factors differentiate APTs from other types of malware attacks.

  • APTs are more complex.
  • They operate with a specific pre-determined target in mind.
  • The criminals remain in the network after it is breached.
  • APTs are often manually triggered to maximize damage.
  • The goal of APTs is to infect a complete network.

Advanced persistent threats are characterized by elaborate planning and a multi-stage enactment plan. Here is an overview of the steps cybercriminals take to attack your computing resources.

  • Target selection - The first step in planting an APT is identifying a viable target. Unlike randomly released malware, teams introducing APTs have a definite target.

  • Gathering information - Once a target has been found, the attackers gather as much information regarding the computing infrastructure as they can. This is where malicious insiders may make their presence felt in an organization.

  • Identifying the entry point - A vulnerability will be chosen as the entry point into the network. This can be a security flaw or oversight in any part of the infrastructure including SQL Databases.

  • Planting the malware - The identified vulnerability is used to plant malware on a compromised machine that opens a backdoor to the server or allows the perpetrators to gain full access. The malware attempts to gather login credentials and elevate their privileges on the infected computer.

  • Communication - APTs are controlled by intermittent command and control communication between the malware and the attackers. The low volume of this communication makes it harder to spot than traditional botnets. The malware may be migrated to different machines as the criminals search for higher privileges.

  • Asset discovery - Once inside the network, the APT searches for high-value targets and sensitive information stores.

  • Data exfiltration - When access to sensitive data is attained, the APT gathers it into an archive which it compresses and encrypts. It then sends this information to an external location controlled by the criminals.

  • Remaining hidden - After the attack’s goal is accomplished, the criminals attempt to get away without leaving any traces of their activity.

APTs are not attacks generated by some teenage hackers looking for some amusement. They are performed by organized teams and are often sponsored by governments engaged in cyber-warfare.

Backup Your Data as a Protective Measure

The risk of an APT triggering a sequence of events that impacts your SQL Servers is an ever-present reality in the current landscape of cybercrime. Due to security flaws in your SQL Servers or other parts of the computing environment, there may be targeted malware just waiting to commence an attack and cripple your infrastructure.

The effects of a cyberattack perpetrated by an APT can be wide-ranging and may require systems to be shut down and restored on new hardware. Databases can be corrupted, making the information they contain virtually useless. In these types of situations, having reliable backup procedures in place is essential. It may be your only hope of recovering critical business data and systems in the aftermath of a cyberattack.

IDERA’s SQL Safe Backup is a software tool that helps protect your SQL Server environment by backing up their valuable data. It uses advanced backup techniques that save time and space as well as protecting data resources with 128-bit and 256-bit encryption. Manage the backups for all of your SQL Servers from a single console. The software offers alternate recovery techniques that provide the speed and flexibility required to recover from a cyber attack.

Having a secure backup and recovery platform is a great line of defense against APTs and any other type of security threat. Make sure your organization has one.

Anonymous