Artificial intelligence (AI) will almost certainly increase both the volume and the impact of cyberattacks in the near future, according to the National Cyber Security Centre (NCSC). The reason is simple: Readily available AI tools are now enabling less technical cybercriminals to plan and execute attacks that were previously beyond their capabilities. The threat is especially pressing for SQL Server databases, given the sensitive data they may contain makes them an attractive target.
This article explores the threat of AI-powered attacks on SQL Server and how organisations should adjust their cybersecurity strategy to effectively guard against them.
How Attackers Leverage AI
Although AI tools are not created to help cybercriminals, they can be manipulated into it with ease. For example, PentestGPT is a ChatGPT-based bot designed to assist with penetration testing. If someone were to ask it, “How can I perform a password spray attack against an SQL system administrator account?”, the tool’s programming should prevent it from providing detailed instructions. However, this safeguard can be easily bypassed by simply prefacing the question with an additional prompt indicating that they are a professional pentester who needs to perform this attack to test an organisation’s defences.
This type of manipulation has broad potential for enabling cybercriminals to gain specific instructions for executing attacks on SQL Server. For instance, they could list approaches for locating SQL servers or shares in a system, or for abusing NTLM password hashes to compromise user accounts.
However, there is some good news: Not every would-be cybercriminal is capable of using AI-generated instructions to perform an attack that severely damages a SQL Server. Instead, research has shown that effectively following the steps provided by an AI bot requires a fairly high level of IT security knowledge, especially when the response recommends using specific tools for particular tasks.
How to Defend Against AI-Powered Threats
The risk from cyberattacks, whether designed by humans or AI tools, is greater for organisations that have more weaknesses in their security posture. For example, failing to set up proper access controls makes it easier for malicious actors to access your SQL servers. Similarly, if you don’t continually audit access activity, cybercriminals are more likely to be able to avoid detection while following the instructions from AI tools.
The following best practices are vital to protecting SQL servers from both traditional and AI-supported attacks.
Classify Data
It’s vital for organisations to clearly understand the value of different types of data they store and process, as well as exactly where sensitive data is kept. Based on that detailed classification, the IT team can focus on protecting sensitive content, such as regulated and business-critical information, by implementing strong controls and auditing.
A robust data classification solution can automatically find data in an organisation’s SQL servers and other databases, determine whether it is subject to any common regulations or meets other criteria for sensitivity, and tag it in a way that other security solutions can use. For example, an identity and access management tool might require additional authentication steps when a user requests access to personal health information (PHI) covered by HIPAA or pre-emptively block any attempt to copy data tagged as intellectual property (IP).
Control Access
Since Active Directory often manages access to SQL servers, it is essential for organisations to deploy an AD solution that strictly enforces the least privilege principle. Ensuring that each user is granted just enough access to successfully perform the tasks they need to. In particular, this approach ensures that regular users never have permissions that are only intended for system administrators. Rigorously adhering to the principle of least privilege significantly limits the damage that an account could inflict, whether it is misused by its legitimate owner (either accidentally or deliberately) or compromised by a malicious actor.
To maintain a least-privilege model over time, the AD solution needs to facilitate regular reviews of access rights and enable any unnecessary permissions to be promptly removed.
Audit Activity
A strong AD security solution must also monitor and report on activity associated with SQL servers. For example, it should track all failed logins and all attempts to modify sensitive data and provided detailed insights about each event – including the workstation or application where it originated.
The best solutions automatically detect suspicious activity and immediately alert security specialists so they can quickly investigate and shut down attacks on their SQL servers. In addition to strong access controls and monitoring, using a SQL query optimization tool can improve database performance and reduce vulnerabilities tied to inefficient or exposed query logic.
Conclusion
Cybercriminals eagerly seize any opportunity to access the valuable data stored in SQL Server and today’s AI tools are enabling better and more frequent attacks. To reduce the risk of costly breaches and compliance violations, organisations must establish robust security measures. Indeed, when IT teams classify their data, strictly limit access rights, and continuously monitor for suspicious activity they can make the task of compromising SQL Server as difficult as it was before AI.
