A new report from cybersecurity company Trustwave Holdings Inc. has found that attacks targeting Microsoft Corp.’s MS SQL are skyrocketing and that database vulnerabilities are increasing across volatile regions.

The findings came from a four-month study that employed a network of honeypots, or decoy systems, set up in various regions around the world, including Central Europe, Russia, Ukraine, Poland, the U.K., China and the U.S. Nine popular database systems were examined: MS SQL Server, MySQL, Redis, MongoDB, PostgreSQL, Oracle DB, IBM DB2, Cassandra and Couchbase. MS SQL Server experienced significantly more attack activity than the others.

The study found that some databases were targeted more frequently than others for credential brute-force attacks and surprisingly, the U.K. was a particular hotspot for such attacks. The most attacked database after MS SQL Server was MySQL and then Redis.

Another takeaway from the study, and one not surprising given the ongoing Russian invasion of Ukraine, is that some attacks were country-specific rather than server-specific, with certain countries experiencing similar levels of attack on all their honeypot sensors. The study notes that attackers target specific countries or regions rather than randomly attacking any accessible server.

The study concludes with a call for ongoing research to keep up with evolving cyber threats and a recommendation for the use of database vulnerability scanners to enhance database security.

“The latest study from Trustwave highlights where cybercriminals have more automation and experience with different types of databases,” Joseph Carson, chief security scientist and advisory chief information security officer at privileged access management provider Delinea Inc., told SiliconANGLE. “Attackers tend to try and automate as many known exploits as possible and credential-based attacks so when new databases appear on the public internet the automated bots focus and attack them with increased intensity.”

Carson added that it’s no surprise MS SQL is a top target since it’s so commonly used. “However, the hope is that the best security practices are in place, such as multifactor authentication, strong privileged access controls and patch management to ensure that all known and common vulnerabilities are patched,” he said.

Image: Trustwave