Only PostgreSQL databases running on Linux servers have been attacked so far.
Security researchers have discovered this week a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. Codenamed by researchers as PgMiner, the botnet is just the latest in a long list of recent cybercrime operations that target web-tech for monetary profits. According to researchers at Palo Alto Networks‘ Unit 42, the botnet operates by performing brute-force attacks against internet-accessible PostgreSQL databases. The attacks follow a simple pattern. The botnet randomly picks a public network range (e.g.,18.xxx.xxx.xxx) and then iterates through all IP addresses part of that range, searching for systems that have the PostgreSQL port (port 5432) exposed online.
