A new piece of malware that hooks into SQL Server, skip-2.0, has been making the rounds in the tech media. If you haven't read about it yet, or you want the finer details, I've written a quick article covering them:
Skip-2.0 Malware Impacts SQL Server – Should I Be Worried?
The big takeaway I've been telling folks who have asked about it: skip-2.0 can only be deployed successfully *AFTER* the adversary already has administrative rights to the OS. Therefore, it's not a new way of getting in. It's a way to maintain access and cover tracks once an attacker is already in. The real concern is how the adversary got administrative rights on the host in the first place. That's not a SQL Server problem. That's an OS hardening and account management one. And because the implant lives inside the SQL Server process and exists partly to cover tracks, SQL Server's own logs are not the place to trust when hunting for it; look from the OS side.
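The two checks that follow from that takeaway are (1) what code is actually loaded inside the SQL Server process, and (2) who holds the administrative rights that make installing something like skip-2.0 possible. The script below is an added example written for this post, not code from the original article or from ESET's analysis. It assumes you run it elevated, in 64-bit Windows PowerShell 5.1 or later, on the SQL Server host itself, and that the process name `sqlservr` and the local `Administrators` group are the standard ones. It does not assume any particular file name for the implant.

```powershell
# Added triage script (not from the original post). Assumptions: run elevated,
# in 64-bit Windows PowerShell 5.1+ on the SQL Server host; the process name
# 'sqlservr' and the 'Administrators' group are the standard ones.
$ErrorActionPreference = 'Stop'

function Get-UntrustedSqlServerModules {
    # Lists every module loaded into sqlservr.exe that does not carry a valid
    # Microsoft Authenticode signature. Anything that hooks SQL Server has to
    # get code into this process, so this is the list to review by hand.
    $procs = @(Get-Process -Name 'sqlservr' -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) { throw 'sqlservr.exe is not running on this host.' }

    foreach ($p in $procs) {
        try { $modules = $p.Modules } catch {
            # Reading modules of a 64-bit process fails from 32-bit PowerShell
            # or without elevation; say so instead of silently returning nothing.
            Write-Warning "Cannot read modules of PID $($p.Id): $($_.Exception.Message)"
            continue
        }
        foreach ($m in $modules) {
            $path = $m.FileName
            if ([string]::IsNullOrEmpty($path)) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            # Both "CN=Microsoft Windows" and "CN=Microsoft Corporation" certs carry
            # O=Microsoft Corporation in the subject, so match on that.
            $isMicrosoft = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')
            if (-not $isMicrosoft) {
                [pscustomobject]@{
                    PID       = $p.Id
                    Module    = $m.ModuleName
                    Path      = $path
                    SigStatus = $sig.Status
                    Signer    = $signer
                }
            }
        }
    }
}

function Get-HostAdministrators {
    # Everyone here can install a post-compromise implant such as skip-2.0, so
    # this list, not SQL Server's own logins, is where the access review starts.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

'== Modules in sqlservr.exe without a valid Microsoft signature =='
Get-UntrustedSqlServerModules | Format-Table -AutoSize
'== Members of the local Administrators group =='
Get-HostAdministrators | Format-Table -AutoSize
```

Treat the module list as something to review, not an alert: legitimate third-party agents (antivirus, backup and monitoring tools) load into sqlservr.exe too, so compare the output against a known-good host. The reverse also holds: code injected purely in memory need not show up as a file-backed module, so an empty list is not a clean bill of health. The administrators list is the more durable control; every account on it is an account that could have installed this.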