Cybercriminals Enlist Database Cloud Services

Database-as-a-service supports a new Trojan-based attack that steals businesses' online banking credentials.

Kelly Jackson Higgins, Executive Editor at Dark Reading

December 12, 2013

1 Min Read
InformationWeek logo in a gray background | InformationWeek

A new botnet used for stealing commercial online banking credentials relies on database-as-service platforms for command-and-control and storage of stolen booty -- and researchers call it a warning sign of the very real potential for targeted attacks on databases by outside attackers.

The attackers had infected at least 370 machines within five days via a banking Trojan that was discovered and studied by researchers at Imperva while it was under development by the malware creators. The malware connected to a command-and-control server and a dropper server, both of which were cloud-based MSSQL databases. The malware ultimately could be used to directly attack databases as well, the researchers say.

"We believe that there is malware addressing the database specifically. I've been saying this for as long as I've been in this industry, but there was never a sample to catch -- we finally [have] one" with that potential, said Barry Shteiman, director of security strategy at Imperva.

Read the rest of this article on Dark Reading.

Read more about:

2013

About the Author

Kelly Jackson Higgins

Executive Editor at Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary.  Follow her on Twitter @kjhiggins.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights