We live in a fast-moving, data-driven world. At times, though, we need to slow down and ask whether our defenses are strong enough to resist the cybersecurity threats that are sharply on the rise. This matters because data breach incidents are at an all-time high globally. Only last week, Kaspersky Labs revealed in its latest cybersecurity report that more than 90% of global businesses are not well equipped to combat potential cyber-attacks at present.
In such a scenario, DSCO CyTec’s revelation of a new malware strain called Maggie is sending shockwaves across the world of information technology, especially because Microsoft SQL servers are falling like a house of cards under attack by the new strain. Let’s delve deeper to find out more about Maggie and weigh its larger implications.
The recent worldwide hue and cry around the new malware strain is understandable, considering the serious consequences so far. It has been learned that Maggie mostly targets Microsoft SQL servers, which is worrying for international businesses.
The new malware strain poses a serious threat because it can perform an array of dangerous tasks, such as running programs, snooping on data and brute-forcing its way into other SQL servers. The cybersecurity analysts at DSCO CyTec deserve credit for this significant finding. They are the ones who have named it ‘Maggie’ for now.
Beware of Maggie
The way Maggie is being circulated is alarming. It is distributed disguised as an Extended Stored Procedure DLL, a file digitally signed by an alleged South Korean company called DEEPSoft.
Extended Stored Procedure files generally extend the functionality of SQL queries through an API that accepts remote user arguments and starts working with unstructured data. In the case of Maggie, this functionality is exploited to give threat actors as many as 51 different commands, including the ones mentioned above.
Extra Cushion of Caution
The researchers at DSCO CyTec have found that Maggie is operated through SQL queries, which tell it which commands to execute and which files to access. The analysts from DSCO CyTec report that this dangerous new malware strain has already infected hundreds of endpoints across the globe, mostly in South Korea, India, Vietnam, China, Russia, Thailand, Germany and the United States.
Given that Maggie attacks Microsoft SQL servers and comes with a wide range of functionalities, it can be concluded that it was designed as a corporate espionage tool. But we are yet to know the exact details about the threat actors responsible for Maggie, their location, their prime targets and how they land the malware on these servers.
“In order to install Maggie, an attacker has to be able to place an ESP file in a directory accessible by the MSSQL server, and has to have valid credentials to load the Maggie ESP into the server,” the researchers at DSCO CyTec stated. “It is unclear how an actual attack with Maggie is performed in the real-world.”
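The two prerequisites the researchers name, a registered ESP DLL and credentials able to load it, can both be audited on a server. The T-SQL below is an added example, not code from DSCO CyTec or Microsoft; it assumes a login with VIEW SERVER STATE and that you compare the results against your own known-good baseline.

```sql
-- Added audit example: review extended stored procedure (ESP) registrations
-- and the logins able to create them. It reads catalog views and one DMV only.
USE master;  -- ESPs are registered in the master database

-- 1. Every registered extended stored procedure and the DLL it points to.
--    Review any row whose dll_name or create_date is not in your baseline.
SELECT
    ep.name          AS procedure_name,
    ep.dll_name,
    ep.is_ms_shipped,
    ep.create_date,
    ep.modify_date
FROM sys.extended_procedures AS ep
ORDER BY ep.create_date DESC;

-- 2. Modules currently loaded into the SQL Server process whose version
--    metadata does not name Microsoft as the vendor. The company field is
--    self-declared by the file, so treat it as a triage hint, not as proof.
SELECT
    lm.name          AS module_path,
    lm.company,
    lm.description,
    lm.file_version
FROM sys.dm_os_loaded_modules AS lm
WHERE lm.company IS NULL
   OR lm.company NOT LIKE N'Microsoft%'
ORDER BY lm.name;

-- 3. Members of the sysadmin fixed server role. sp_addextendedproc can only
--    be executed by sysadmin members, so these are the credentials that
--    could register a new ESP DLL.
SELECT
    p.name           AS login_name,
    p.type_desc,
    p.is_disabled,
    p.create_date,
    p.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;
```

An unexpected row in the first result set, or a sysadmin login nobody can account for in the third, is the cue to check the DLL on disk and the login's authentication history.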
Taking everything into consideration, businesses around the world, irrespective of their domain, must reinforce their cyber protection substantially and on a war footing. Otherwise, they might pay a steep price by falling prey to emerging cyber-threats like this new malware strain, Maggie.