Blog

Backdoor Could Be Used On Microsoft SQL Without Detection

Nov 4, 2019 | Blog

If you haven’t heard of Skip-2.0 yet, prepare to be dismayed.

Security researchers have recently discovered an undocumented (until now) backdoor designed for Microsoft SQL servers.

It will allow a hacker working remotely to stealthily take control of a previously compromised system.

Worse, this is not theory or conjecture.  Researchers have found malware strains in the wild that take advantage of the backdoor, allowing attackers to remotely connect to any account on the server running MSSQL version 11 or 12 by using a “magic password.”

As bad as that sounds, it gets worse.  The Skip-2.0 malware contains code that disables the compromised machine’s logging functions, audit mechanisms and event publishing every time the “magic password” is used so that it leaves no trace, which is why it’s so difficult to detect.

This gives the malware the freedom and flexibility to move seamlessly through the target system, where it can copy, change, or delete any content stored on it. That is, all while keeping the system’s owner or user blind and in the dark as to what’s happening. In their most recently published cybersecurity report, the security firm ESET attributed the Skip-2.0 backdoor to an organization known as the Winnti Group, which is a state-sponsored threat actor with Chinese backing.

As evidence in support of this conclusion, the researchers involved with drafting the report point to numerous similarities between Skip-2.0 and other tools developed and used by the Winnti Group, including PortReuse and ShadowPad.

In addition to that, Skip-2.0 utilizes an encrypted ‘VMProtected’ launcher, an ‘inner-0loader’ injector and hooking framework and a custom packer to install its payload, which again, is identical to the structure of other Winnti Group tools.

In basic terms, this is just another malware threat to emerge in the tech world. If there’s a silver lining in all of this, it is the fact that MSSQL 11 and 12 are not the most recent versions, so the fix is fairly simple.  Just upgrade to a version beyond 12 and you can avoid the risks associated with this new threat.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech