Should I Be Worried About skip-2.0?

A new piece of malware which hooks into SQL Server, skip-2.0, has been making the tech media rounds. If you’ve not read about it yet or you’re looking for more details, I’ve written a quick article discussing the finer details:

Skip-2.0 Malware Impacts SQL Server – Should I Be Worried?

The big takeaway I’ve been telling folks who have asked about it: skip-2.0 can only be deployed successfully *AFTER* the adversary has administrative rights to the OS. Therefore, it’s not a new way of getting in. It’s a way to maintain access and cover tracks. The real concern is how the adversary can get in. That’s not a SQL Server problem. That’s an OS and account management one.

 
