Sorry, Mikko, the box was already open

In a blog post, F-Secure's Chief Research Officer, Mikko Hypponen (blog | twitter), indicated that with the US participating in cyberattacks against a foreign adversary, à la Stuxnet, it had opened a Pandora's box which the United States would likely regret. Hypponen is a brilliant man, but on this one I'm going to have to disagree. The reason is simple: the box was already open.

The major malware prevention vendors (including F-Secure) have been talking about Advanced Persistent Threats (APTs) for a while. These are attacks and malware designed by nation states. The most prominent nation they point to is China. A lot of research has been done into when attacks occur, how often, and so on, to the point where researchers actually expect a decrease in activity when it's a holiday in one of these nations. Stuxnet was out for a while before it was discovered, and Flame has now been found to have been out a long time without being properly recognized for what it was, but these aren't the only examples. There was Shady RAT, with attacks beginning in 2006 and China the primary suspect. Let's also not forget the cyberattacks against Estonia in 2007.

In other words, the box had already been opened, and not by the United States. This isn't to argue whether the US is right or wrong in engaging in cyberwarfare, just to point out that this pattern of war had already started before Stuxnet, Duqu, and Flame.

Applying This to SQL Server:

By the way, all three (Stuxnet, Duqu, and Flame) are reminders to keep systems up to date, not to rely exclusively on AV to protect you, and to seriously consider egress filtering, especially from sensitive systems like SQL Servers. Is there a legitimate reason your SQL Server should be able to talk to the Internet (outbound)? What's to stop an administrator from popping into IE on the server to look something up and getting hit by a drive-by download, thus compromising your SQL Server? Exactly.
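One way to put the egress-filtering advice above into practice on a Windows host, as an added example that is not code from the original post or from its author: a PowerShell script that flips the Windows Firewall's outbound default from allow to block and then allowlists only the destinations a SQL Server typically needs (domain controllers, WSUS, monitoring, peer SQL Servers). The addresses, ports, server roles and the sqlservr.exe instance path are assumptions for a lab; the NetSecurity cmdlets are the built-in ones on Windows Server 2012 / PowerShell 3.0 and later.

```powershell
# Added example, not code from the original post or its author.
# Egress allowlist for a SQL Server host using the built-in Windows Firewall
# (NetSecurity cmdlets, Windows Server 2012 / PowerShell 3.0 and later).
# All addresses, ports and paths below are constructed placeholders for a lab;
# replace them with your own domain controllers, WSUS, monitoring and SQL subnets.
#Requires -RunAsAdministrator

# Hypothetical infrastructure the database server legitimately needs to reach.
$DomainControllers = @('10.0.1.10', '10.0.1.11')  # AD: Kerberos, LDAP, DNS, SMB/SYSVOL, RPC
$WsusServer        = '10.0.2.20'                  # patching (keeps the box up to date)
$MonitoringServer  = '10.0.2.30'                  # monitoring agent / log forwarding
$SqlPeerSubnet     = '10.0.5.0/24'                # other SQL Servers (log shipping, AGs)
$SqlServerBinary   = 'C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe'

function Set-SqlServerEgressPolicy {
    # Weak setting: Windows' default of -DefaultOutboundAction Allow, which lets
    # sqlservr.exe, IE and anything else on the box reach the Internet unchallenged.
    # Corrected setting: drop everything outbound that is not explicitly allowed,
    # and log the drops so surprises show up in the firewall log rather than as outages.
    Set-NetFirewallProfile -Profile Domain,Private,Public `
        -DefaultOutboundAction Block -LogBlocked True

    # Active Directory and DNS over TCP and UDP, plus the dynamic RPC range that
    # domain services use after the endpoint mapper (135) hands out a port.
    New-NetFirewallRule -DisplayName 'Egress: DC TCP' -Direction Outbound -Action Allow `
        -RemoteAddress $DomainControllers -Protocol TCP `
        -RemotePort 53,88,135,389,445,636,3268,3269,'49152-65535'
    New-NetFirewallRule -DisplayName 'Egress: DC UDP' -Direction Outbound -Action Allow `
        -RemoteAddress $DomainControllers -Protocol UDP -RemotePort 53,88,123,389

    # Patching goes through WSUS only; Windows Update on the Internet stays unreachable.
    New-NetFirewallRule -DisplayName 'Egress: WSUS' -Direction Outbound -Action Allow `
        -RemoteAddress $WsusServer -Protocol TCP -RemotePort 8530,8531

    # Monitoring agent and log forwarding (syslog and WinRM as placeholder services).
    New-NetFirewallRule -DisplayName 'Egress: Monitoring' -Direction Outbound -Action Allow `
        -RemoteAddress $MonitoringServer -Protocol TCP -RemotePort 514,5985

    # SQL-to-SQL traffic, restricted to the database engine binary so a browser or
    # a dropped executable cannot reuse the rule.
    New-NetFirewallRule -DisplayName 'Egress: SQL peers' -Direction Outbound -Action Allow `
        -RemoteAddress $SqlPeerSubnet -Protocol TCP -RemotePort 1433,5022 `
        -Program $SqlServerBinary
}

function Get-OutboundAllowRules {
    # Audit view: every enabled outbound allow rule with its remote addresses and ports.
    # Any rule whose RemoteAddress is 'Any' or 'Internet' is a hole in the egress policy.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            RemoteAddress = ($addr.RemoteAddress -join ',')
            Protocol      = $port.Protocol
            RemotePort    = ($port.RemotePort -join ',')
        }
    }
}

Set-SqlServerEgressPolicy
Get-OutboundAllowRules | Format-Table -AutoSize
```

Run it in a maintenance window and watch the firewall log (by default %systemroot%\system32\LogFiles\Firewall\pfirewall.log) for blocked connections that turn out to be legitimate; the audit function will also list Windows' own built-in outbound rules (Core Networking and the like), which are worth reviewing rather than assuming. For more than one server, push the same profile settings and rules through Group Policy so a rebuilt host does not silently come back with the default allow-outbound posture.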



K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.
