Hackread reports that more than 800,000 PostgreSQL databases with insecure passwords could be compromised with the new PG_MEM malware, which enables cryptocurrency mining.
Intrusions commence with brute-force attempts to guess the PostgreSQL database's credentials, which when achieved would be followed by the establishment of a superuser role that would ensure database access even after modifications to the original credentials, a report from Aqua Security's Nautilus threat research team revealed. After obtaining system information, threat actors proceeded with the downloading and execution of cryptomining software and other payloads, said the report. Aside from modifying system configuration files and creating cron jobs to maintain persistence, attackers have also moved to remote logs and files to avoid detection, researchers added. Such findings should prompt organizations to bolster threat monitoring and authentication methods, implement threat detection tools, and ensure database isolation from their networks.
