Database-as-a-service supports a new Trojan-based attack that steals businesses' online banking credentials.
A new botnet used for stealing commercial online banking credentials relies on database-as-service platforms for command-and-control and storage of stolen booty -- and researchers call it a warning sign of the very real potential for targeted attacks on databases by outside attackers.
The attackers had infected at least 370 machines within five days via a banking Trojan that was discovered and studied by researchers at Imperva while it was under development by the malware creators. The malware connected to a command-and-control server and a dropper server, both of which were cloud-based MSSQL databases. The malware ultimately could be used to directly attack databases as well, the researchers say.
"We believe that there is malware addressing the database specifically. I've been saying this for as long as I've been in this industry, but there was never a sample to catch -- we finally [have] one" with that potential, said Barry Shteiman, director of security strategy at Imperva.
The Next Generation of IT SupportThe workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device