SQL Server Attack Ride-Along: Detecting and Investigating a Database Attack Using Log and Trace Data

The Chinese Vollgar attacks on thousands of SQL servers from 2018 through 2020 highlighted not only how vulnerable database servers are, but how easy they serve as an point for additional threat activity once within the logical “walls” of your network. According to analysis of such attacks, threat actors maintained access to SQL Servers and continued malicious campaigns undetected for longer than two weeks.

Once inside, server configurations are modified, administrative accounts are added, lateral movement is made, and the scope of attack grows. Log data for both the OS system and SQL Server, as well as trace data within SQL Server can provide visibility and insight into whether these systems have been compromised and what other threat actions are being taken.

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:

• Why SQL Servers make such great initial attack vectors
• What tactics and techniques are used once access is established

Nick is joined by Jordan Jasnoch, SQL Server expert and Solutions Engineer at Netwrix, who will discuss the role SQL Server attacks play when threat actors are going after data. He’ll talk a little about the need for data classification within your structured data to ensure you know where your most valuable data is, as well as perform a ride along of an attack by walking you through an attack through the lens of log and trace data, including:

• OS changes
• Database configuration changes
• Elevation of database privileges
• And more

Jordan will also discuss sixteen SQL Server security best practices that will help harden the security of your database servers.

This real training for free event will be jam packed with technical detail and real-world application.