Database-as-a-service supports a new Trojan-based attack that steals businesses' online banking credentials.
A new botnet used for stealing commercial online banking credentials relies on database-as-service platforms for command-and-control and storage of stolen booty -- and researchers call it a warning sign of the very real potential for targeted attacks on databases by outside attackers.
The attackers had infected at least 370 machines within five days via a banking Trojan that was discovered and studied by researchers at Imperva while it was under development by the malware creators. The malware connected to a command-and-control server and a dropper server, both of which were cloud-based MSSQL databases. The malware ultimately could be used to directly attack databases as well, the researchers say.
"We believe that there is malware addressing the database specifically. I've been saying this for as long as I've been in this industry, but there was never a sample to catch -- we finally [have] one" with that potential, said Barry Shteiman, director of security strategy at Imperva.
Gov Cloud: Executive Initiatives, Enterprise ExperienceIn this report, we'll examine the use of cloud services by government IT, including the requirements, executive initiatives and service qualifications, and auditing and procurement programs that make government cloud adoption unlike that in the private sector.