Last week the Gh0stCringe trojan started ground around and getting access to Microsoft SQL Server and MySQL database servers. As reported by BleepingComputer and AhnLab the trojan is targeting poorly secured database servers that have easy to guess or no password on the server.
The mitigation that’s posted by BleepingComputer should be something that is already being done but clearly isn’t.
The most crucial step is to place the database server behind a firewall allowing only authorized devices to access the server.
BleepingComputer, Bill Toulas
Let me translate this for you. Stop putting database servers (I don’t care what vendor) on the public Internet. Yes, the cloud companies do this with their PaaS platforms, but unless you work for Microsoft, Amazon, or Google you probably don’t have the in-house resources to secure and then monitor database servers on the internet.
Denny
