Secure Microsoft SQL and MySQL servers from the Gh0stCringe malware

Last week the Gh0stCringe trojan started ground around and getting access to Microsoft SQL Server and MySQL database servers. As reported by BleepingComputer and AhnLab the trojan is targeting poorly secured database servers that have easy to guess or no password on the server.

Man holding virus

The mitigation that’s posted by BleepingComputer should be something that is already being done but clearly isn’t.

The most crucial step is to place the database server behind a firewall allowing only authorized devices to access the server.

BleepingComputer, Bill Toulas

Let me translate this for you. Stop putting database servers (I don’t care what vendor) on the public Internet. Yes, the cloud companies do this with their PaaS platforms, but unless you work for Microsoft, Amazon, or Google you probably don’t have the in-house resources to secure and then monitor database servers on the internet.

Denny

Share

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trust DCAC with your data

Your data systems may be treading water today, but are they prepared for the next phase of your business growth?