News
12/12/2013
01:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail

Cybercriminals Enlist Database Cloud Services

Database-as-a-service supports a new Trojan-based attack that steals businesses' online banking credentials.



A new botnet used for stealing commercial online banking credentials relies on database-as-service platforms for command-and-control and storage of stolen booty -- and researchers call it a warning sign of the very real potential for targeted attacks on databases by outside attackers.

The attackers had infected at least 370 machines within five days via a banking Trojan that was discovered and studied by researchers at Imperva while it was under development by the malware creators. The malware connected to a command-and-control server and a dropper server, both of which were cloud-based MSSQL databases. The malware ultimately could be used to directly attack databases as well, the researchers say.

"We believe that there is malware addressing the database specifically. I've been saying this for as long as I've been in this industry, but there was never a sample to catch -- we finally [have] one" with that potential, said Barry Shteiman, director of security strategy at Imperva.

Read the rest of this article on Dark Reading.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service