By Alexei KuznetsovThe database of the world’s largest corporation has been under constant attack by cybercriminals since the beginning of the year, and the latest report from cybersecurity firm Kaspersky Lab finds that the company is currently vulnerable to a new strain of malware that has yet to be identified.
Kaspersky said in a statement that the latest exploit is a new variant of SQL injection, a type of malware designed to compromise databases in order to extract information.
Kaspersy’s researchers identified the new variant on May 17, and published their findings on Wednesday.
“In a nutshell, this new strain is not a new SQL injection attack, but rather a variant of a previously reported SQL injection threat,” Kasperski wrote.
“It is possible that we’re just beginning to understand how it works and why it does what it does.”
While the new SQL is relatively easy to spot in a database scan, it is not uncommon for an attacker to inject malicious code into a database.
For instance, the new strain injects a code into the database that is supposed to steal passwords from the user.
In some cases, this code can be malicious, Kasperska said.
This new SQL-injection variant also has a more complicated syntax that allows attackers to perform complex operations.
That is to say, the attack vector becomes more complex and more dangerous the longer the database is being scanned.
“For example, a few hours ago, we saw an attack that attempted to execute a command with the SQL injection command-and-control address of a MySQL database,” Katella said.
“When the database was scanned, this command was injected into the SQL.”
In other words, the SQL-based attack was able to steal user credentials from the database for as long as the database remained open.
That in turn allowed attackers to create fake user accounts to steal other sensitive data.
Katella’s analysis of the SQL vulnerability found that this attack could be carried out on a database in a wide range of operating systems, and that it had been widely distributed to corporate servers.
“We’re seeing a lot of the same types of vulnerabilities in our previous research as well,” Katerina said.
According to Katelli, KMS is one of the oldest and most well-known databases in the world.
The database stores billions of records, including passwords, and allows users to access them through a browser.
“It’s a very powerful and well-established database,” she said.
“As far as security, K-MS is a very well-managed database,” said Katelly.
“We have security audits every month and we’ve always seen it in the top three of our threat assessments.”
But the new attack does not only target KMS.
It also targets a wide variety of other databases, including the US government, a company owned by the Russian state oil company Gazprom, and a company controlled by an Australian mining firm.
The new SQL strain is “unique in that it targets the very most sensitive data, including sensitive information about financial transactions, health information, passwords and more,” Kuzna said.
Kuznapod said the latest SQL-infection variant also appears to be able to infect servers running the popular Microsoft SQL Server, as well as some popular SQL server operating systems.
This is not the first time that the SQL infection threat has been reported to Kaspersk.
The company released a report on April 30 about a new threat that appeared to be similar to the SQL variant, but it was later revealed that it was a malicious plug-in that was installed on Windows machines.