Government // Cloud computing
News
12/12/2013
01:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Cybercriminals Enlist Database Cloud Services

Database-as-a-service supports a new Trojan-based attack that steals businesses' online banking credentials.

A new botnet used for stealing commercial online banking credentials relies on database-as-service platforms for command-and-control and storage of stolen booty -- and researchers call it a warning sign of the very real potential for targeted attacks on databases by outside attackers.

The attackers had infected at least 370 machines within five days via a banking Trojan that was discovered and studied by researchers at Imperva while it was under development by the malware creators. The malware connected to a command-and-control server and a dropper server, both of which were cloud-based MSSQL databases. The malware ultimately could be used to directly attack databases as well, the researchers say.

"We believe that there is malware addressing the database specifically. I've been saying this for as long as I've been in this industry, but there was never a sample to catch -- we finally [have] one" with that potential, said Barry Shteiman, director of security strategy at Imperva.

Read the rest of this article on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
12/15/2013 | 9:41:18 PM
They're here...
I was waiting for this to come up.  The pure accessibility of ocmputing power now available thanks to cloud means we are going to see way more powerful attacks, since bots and malware can be run easily from any remote server hosted in a cloud environment.  Even worse, if these are part of a public cloud, such as a multi-tenant environment, the risk of infecting across the hypervisor is even more real.  This just reminds us of the risks that come from cloud, not just in securing our own information, but how it can be used as a threat itself.
Gov Cloud: Executive Initiatives, Enterprise Experience
Gov Cloud: Executive Initiatives, Enterprise Experience
In this report, we'll examine the use of cloud services by government IT, including the requirements, executive initiatives and service qualifications, and auditing and procurement programs that make government cloud adoption unlike that in the private sector.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.