Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Attackers commonly perform database enumeration to learn about information stored on a database server. An attacker can easily create simple SQL queries to search databases and the tables within a database. As a result, the attacker learns where valuable information is located and targets databases for additional attacks.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
Database information can be enumerated by an employee with authorized access to a database server or by an attacker who gains unauthorized access through malware, brute force techniques, or SQL injection. The attacker creates a simple query over a protocol such as MySQL, Oracle TNS, or Microsoft TDS to learn which databases the server is hosting (1). Another simple query helps the attacker learn the table names, which can indicate the type of information stored within those databases (2).
Implement the least privilege model for application accounts and remove root or system access on database accounts, which can help minimize potential damage
Review authentication methods and enforce policies for secure credentials creation and multi-factor authentication on databases
Implement strict audit controls that log every database change
