If you haven't seen this, worth reading:

"A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner. [...]
the botnet has exclusively spread by scanning the internet for MSSQL servers and then performing brute-force attacks by repeatedly trying the admin account with various weak passwords."

https://www.zdnet.com/article/new-mr...sql-databases/