STE WILLIAMS

Credit card data stolen from hundreds of attendees at Boston conventions

Thieves pinched the credit card data of hundreds of attendees of two conferences held in Boston, a city in the US state of Massachusetts, this past autumn.

The Boston Globe said on Wednesday that victims have reported fraudulent purchases made on their accounts around the US and overseas.

It’s unclear how the thieves got the card numbers, although many victims said they had used their credit cards at Boston restaurants and businesses – particularly in the Seaport District, where the Boston Convention & Exhibition Center, the venue they were attending, is located.

Georges Benjamin, executive director of the American Public Health Association, told the Boston Globe that this is the first time his group has experienced such a thing.

The group hosted 13,000 convention-goers in early November, out of which, so far, 100 have reported that fraud was carried out on their accounts.

In one case, a crook tried to make a $100,000 purchase on one of the accounts.

Another 200 people reported unauthorized charges after attending the annual conference of the American Society of Human Genetics, which hosted 8,000 attendees at the convention center in October.

The Boston businesses that could prove to be the weak spot have claimed that they’re not the source of the breach.

For its part, the public authority that runs the convention center – Massachusetts Convention Center Authority (MCCA) – said that the data breach didn’t happen inside the convention hall.

MCCA spokesman Mac Daniel said in a statement seen by the Boston Globe that the authority began investigating around Thanksgiving, after receiving complaints from the two conference groups, and has so far concluded that the breaches didn’t happen at its facility:

After running internal checks and working with our customers, we found that no alleged theft occurred in any MCCA facility and appeared to occur at bars and restaurants across the city.

James E. Rooney, Executive Director of the MCCA, said in a statement that seven of its own employees were also victimized in the breach.

The general manager of a hotel connected to the convention center that hosted many attendees, the Westin Boston Waterfront Hotel, also told the Boston Globe that the breaches hadn’t originated in its systems.

A spokeswoman for the Briar Group, which owns M.J. O’Connor’s Restaurant as well as City Bar inside the Westin, told the Boston Globe that its security consultants hadn’t detected any system problems and that the company complies with security standards as outlined by the payment card industry.

So, at the moment, it’s unclear where the source of the data breach is.

Let’s hope it turns up soon so no one else falls victim.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/uVAHH2ESIT4/

TeamBerserk hacktivists use US judge’s credit card to buy sex toys for him

TeamBerserk hackers are back.

They’ve sided with a sheriff in the US state of Texas in a dispute over a teacher picking thrown-away school furniture out of the trash, have leaked 23 documents stolen from the judge’s computer, have used the judge’s credit card to order what Softpedia reports is a total of 18 sex toys, and have shown prodigious talent at making images out of keyboard characters that will forever change the way you view “x”, “@” and “s” if you click through to their Pastebin message.

(Warning: At least one of the Pastebin images is probably NSFW, albeit it would be very appropriate for a gallery show on keyboard character artwork.)

The TeamBerserk crew align themselves with the Anonymous hacktivist brand but carry out their own operations.

In October, they announced that they were taking a breather from their attacks, which they say have been carried out against such organizations as the US Office of Personnel Management, HITRUST, Interactive Data, CITIC, the Chinese University of Hong Kong, New Mexico ISP Plateau, The West Australian, Loretto Telecom, and California-based ISP Sebastian.

Now, they’re back, as spotted by Softpedia’s Eduard Kovacs, and they’re ready for more lulz, as they said in their comeback message:

After many days at port, days filled with rum, women and lulz – which have recovered us. We have again united for an explosive several weeks of exploitation, mayhem and LoLz.

In the Pastebin message, they threatened “corporations and governments”, with Judge Souli A. Shanklin appearing to be their first target as part of ProjectMayhem, a campaign Anonymous first announced in 2011.

The dispute with Judge Shanklin dates back to a conflict that flared up in September between Edwards County Sheriff Pam Elliott and Rocksprings Independent School District Superintendent David Velky.

After claiming to have analyzed the case, the hackers said that they’re on the sheriff’s side:

We TeamBerserk agree with Sheriff Pam Eliott [sic]. You have been placing pressure on board members to do your bidding and you have concealed information. This information will be publicly available soon.

At this very moment we are sorting through and analyzing all of your accounts. We have gained remote access to your cell phones and we have conversation logs between you and various, shall we say.. characters of shady backgrounds.

All of your Android devices are under our control as well as your personal nets.

TeamBerserk claims to have ordered several dildos from Velky’s Amazon account, as they did from Judge Shanklin’s account, and published screenshots as proof.


Kovacs reported on Wednesday that the hackers hijacked Velky’s LinkedIn account and leaked seven more documents related to Judge Shanklin.

Although some might see these antics as amusing, let’s get serious kids. Don’t try this at home.

As it is, when TeamBerserk went on hiatus in October, it noted that various members had just finished jail terms.

Credit card fraud is illegal, as it should be, even if you use the stolen credit card to send truly tasteful Christmas gifts such as those selected by TeamBerserk.

The US legal system doesn’t have much of a sense of humor.

For evidence of that, you don’t have to look any further than to the $183,000 penalty dished out to Eric Rosol this week for participating in an Anonymous-organized DDoS against Koch Industries for one measly minute.

High financial penalties and jail terms against hackers and ‘hacktivists’ alike are rife.

Is it really worth the lulz?


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Su_mqx8ujR0/

Study: Beware LinkedIn Invitations, Mail Delivery Messages

Beware messages that appear to be invitations to connect on LinkedIn — that’s a phishing attacker’s favorite ruse, according to a study published Wednesday.

The 2013 phishing study, published by security vendor Websense, offers a list of the top five subject lines used by attackers to disguise phishing emails. The list:

1. Invitation to connect on LinkedIn

2. Mail delivery failed: returning message to sender

3. Dear Customer

4. Comunicazione importante

5. Undelivered — Mail Returned to Sender

“The list portrays how cybercriminals are attempting to fool recipients into clicking a malicious link or downloading an infected file by using business-focused and legitimate-looking subject lines,” the study says. “Scammers will use any means necessary to increase the likelihood of an inspire-to-click campaign.”

The study also offers a look at the geographic origin of phishing websites. China is the most frequent hoster of phishing URLs, followed by the United States, Germany, and the United Kingdom, according to Websense.

The incidence of phishing messages overall is 0.5 percent, Websense says, down from 1.12 percent in 2012.

“Today’s phishing campaigns are lower in volume but much more targeted,” the study says. “Cybercriminals aren’t simply throwing millions of emails over the fence. They are instead targeting their attack strategies with sophisticated techniques and integrating social engineering tactics. Scammers use social networks to conduct their recon and research their prey. Once the intelligence is harvested, they use that information to carefully construct email lures and yield maximum success.”


Article source: http://www.darkreading.com/applications/study-beware-linkedin-invitations-mail-d/240164693

Firms Eliminate Embedded Code To Foil Targeted Attacks

Security firms have typically taken one of two approaches to protecting their customers: Detect bad code and block it, or validate wanted applications and allow them to run.

Yet, determining whether a file, script or executable binary is malicious is not an easy task, and often defensive technologies have missed the more subtle or sophisticated attacks that insert exploit code as part of a common file format, such as Office or portable document format (PDF) files. While some companies banned scripts as a way to fend off macro viruses in the late 90s and early 2000s, now security firms are finding ways to sanitize common file formats, removing or modifying executable code within the files to stymie attackers.

Last week, for example, security firm Symantec announced it had added a feature, known as Disarm, to its messaging-security gateway to remove executable code from Office and PDF files. Such sanitizing would have rendered harmless 98 percent of the zero-day exploits used in targeted attacks in the last year, says Darren Shou, director of Symantec Research Labs.

“With these previous technologies, you had to make determination about the goodness and badness of something, and then you had to make the determination of whether to allow it to go through or not,” he says. “What turns this idea on its head is that we are not going to make any determination, and that is the fundamental difference.”

Targeted attacks, often referred to as advanced persistent threats (APTs), are designed to evade traditional signature-based detection and often operate under the threshold of behavioral-based pattern recognition systems. Commonly, attackers will insert exploit code in common files attached to e-mail messages or link to the files, which are then downloaded from the Web.

Yet, the process of sanitizing files can remove the vector of attacks, if not the attack itself. The technique promises to defeat a class of attacks that traditional passive defenses have had a hard time beating.

Symantec is not the only company using sanitization to clean files of executable code. For the past four years, Israeli security firm Votiro has used a similar concept to render ineffective any exploit code in common file formats. Rather than try to remove exploitable code, the company makes, what it calls, “microchanges” to particular portions of the file to block any potential malicious code, says Itay Glick, founder and CEO of Votiro.

“We are not looking for bad stuff, because we don’t know what the bad stuff will look like,” he says. “What we do is look at the file itself and make microchanges to create interference and prevent the exploit from running correctly.”

In addition to Office and PDF files, the company currently sanitizes image files. In the future, it plans to also render audio and video files safe as well, says Glick.
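The article describes two sanitization styles: Symantec’s Disarm strips executable content out of Office and PDF files, and Votiro makes “microchanges” that leave the exploit unable to run. Neither vendor’s code is public; the following Python is an added example (not from the article, Symantec or Votiro) that applies the microchange idea to a constructed minimal PDF: every dictionary key that can trigger code or embed a payload (/OpenAction, /AA, /JavaScript, /JS, /Launch, /EmbeddedFile, /RichMedia) is overwritten with an inert name of the same byte length, so the file stays the same size and any cross-reference offsets remain valid, and hex-escaped spellings such as /Java#53cript are caught too. The sample PDF and the key list are assumptions constructed here; a production disarm tool parses the full PDF object model, including compressed object streams that a byte-level pass like this cannot see.

```python
import re

# PDF dictionary keys whose values execute code or carry a payload when the file is opened.
# Constructed list for this example; a real product covers the full set of action types.
ACTIVE_KEYS = ("OpenAction", "AA", "JavaScript", "JS", "Launch", "EmbeddedFile", "RichMedia")


def _hex_alt(c: str) -> bytes:
    """Regex for the #xx escaped form of one name character (hex digits in either case)."""
    hexed = format(ord(c), "02x")
    return b"#" + b"".join(
        b"[%s%s]" % (d.encode(), d.upper().encode()) if d.isalpha() else d.encode()
        for d in hexed
    )


def _name_pattern(key: str) -> re.Pattern:
    """Match the PDF name /key, allowing each character to be written plainly or as a #xx
    escape (e.g. /Java#53cript), and require a delimiter so /JS does not match /JSomething."""
    body = b"".join(b"(?:%s|%s)" % (re.escape(c.encode()), _hex_alt(c)) for c in key)
    return re.compile(b"/" + body + rb"(?![A-Za-z0-9_])")


_PATTERNS = {k: _name_pattern(k) for k in ACTIVE_KEYS}


def find_active_content(pdf: bytes) -> list:
    """Return the names of active-content keys present anywhere in the raw PDF bytes."""
    return [k for k, pat in _PATTERNS.items() if pat.search(pdf)]


def neutralize(pdf: bytes) -> bytes:
    """Overwrite each active-content name with an unknown name of identical length.
    Readers ignore unknown keys, the value becomes an orphan, and because no byte count
    changes, the xref table (if any) still points at the right offsets."""
    out = pdf
    for pat in _PATTERNS.values():
        out = pat.sub(lambda m: b"/" + b"X" * (len(m.group(0)) - 1), out)
    return out


# Constructed sample: a one-page PDF whose catalog runs a JavaScript action on open.
# The action subtype is hex-escaped to show that naive keyword scans would miss it.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj\n"
    b"4 0 obj << /S /Java#53cript /JS (app.alert\\(hi\\)) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print("before:", find_active_content(SAMPLE_PDF))
    cleaned = neutralize(SAMPLE_PDF)
    print("after: ", find_active_content(cleaned), "size unchanged:", len(cleaned) == len(SAMPLE_PDF))
```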

[Overly accommodating platforms and protocols let attackers use inputs like code, essentially allowing attackers to program an unintentional virtual machine. See Taming Bad Inputs Means Taking Aim At ‘Weird Machines’.]

Microsoft also has a history of finding ways to make its software more resistant to exploits, adding technologies such as address space layout randomization (ASLR) to make exploits less reliable.

Sanitizing files should be used as another layer in a company’s defense-in-depth strategy, says Amanda Grady, senior product manager for Symantec. Companies that have multiple employees using a single account or that are prone to targeted attacks may want to go beyond just blocking executable files to blocking any scripts or code embedded within files, she says.

“If they want to have a clean room type of environment, where they don’t want to let any executable content in over e-mail, they could do that with this technology,” Grady says.


Article source: http://www.darkreading.com/advanced-threats/firms-eliminate-embedded-code-to-foil-ta/240164687

Total Defense Adds New Partner Program

Redwood Shores, Calif. – December 11, 2013 – Cloud security leader Total Defense, Inc. today announced the launch of a new partner program aimed at managed service providers (MSPs), enabling them to grow their businesses with the company’s cloud-based Web, email and endpoint security solutions. With this new program, Total Defense provides MSPs the ability to confidently monitor, protect and manage their clients’ networks, while providing them with a recurring revenue stream unmatched by on-premise software and hardware solutions.

Also announced today, IDC has recognized Total Defense as a Major Player in the Worldwide Enterprise Messaging Security MarketScape[1], stating that: “This position reflects Total Defense’s pure cloud approach to messaging security, combined with cloud-based Web and endpoint security technologies, making the company a competitive choice for SMBs and midsize enterprises interested in moving to cloud-based security technology models.”

MSPs play a significant part in helping small and midsize enterprises (SMEs) protect and maintain their networks. With cloud, virtualization and mobile completely erasing the network perimeter, the smallest security weakness could lead to substantial business impact from loss of data, revenue and productivity. Total Defense for Business allows partners to deliver unsurpassed protection for their customers and in the process generate an additional high margin revenue stream.

“MSPs are central to our growth plan moving forward and we’re excited about the opportunity to integrate partners more closely into our business,” said Paul Lipman, CEO at Total Defense. “MSPs need the ability to adapt to emerging threats to better protect their customers and Total Defense for Business is a natural choice to help make that happen. As evidenced by our IDC positioning as a Major Player, we’re providing superior, proactive security with 24/7 client protection, allowing MSPs to create more strategic engagements with their customers.”

This newly established partner program builds on the extensive market validation achieved by the Total Defense for Business security management solution across industries and around the world over the last year. Total Defense for Business is the only unified content and endpoint security service on the market, available on-demand, via the cloud. Customers and partners alike are realizing the benefits of a single cloud-based console and policy engine that reduces security complexity and costs, while providing unparalleled protection by blocking threats in the cloud.

“We’re thrilled to partner with a company that provides such an agile and scalable cloud-based security management solution that can easily answer the needs of our customers, no matter their size,” said Scott Poehlman, Services Director at Wired Solutions, LLC. “In addition to a game-changing, top-notch security platform, Total Defense gives us the ability to grow our business by providing the most partner-friendly account management we’ve seen in the industry.”

Delivered via the cloud, Total Defense for Business can be rapidly deployed and requires zero up-front costs and no hardware to provision or manage, making it completely seamless for partners and their customers. Total Defense also provides partners with sales and technical training, including 24/7 online and onsite pre- and post-sales technical support. The company also offers MSPs the ability to white-label the cloud-based security management platform, retaining brand consistency and dramatically increasing market and revenue opportunities.

Total Defense for Business is the industry’s most complete offering for protecting against today’s complex blended threats, combining the power, flexibility and ease of a cloud-based service offering with a seamlessly integrated suite of critical technologies – advanced endpoint anti-malware and application controls; Web filtering and malware protection; and anti-spam and email threat prevention. This combination of simplified delivery and solution-completeness is unique to Total Defense for Business.

To learn more about the Total Defense partner program, please visit: http://www.totaldefense.com/msp/index.html.

1. IDC MarketScape: Worldwide Enterprise Messaging Security SaaS 2013-2014 Vendor Analysis (doc #244390, November 2013)

About Total Defense

Total Defense is the leading provider of content and endpoint security from the cloud. We keep organizations and individuals safe from cybercrime, malware and digital threats. Thousands of businesses across a wide array of industries have deployed our solutions, including some of the most sophisticated buyers of security technology worldwide, and millions of consumers worldwide use Total Defense’s products. Total Defense has operations in New York, California, Europe, Israel and Asia.

About IDC MarketScape

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT (information and communications technology) suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of IT and telecommunications vendors can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective vendors.

Article source: http://www.darkreading.com/management/total-defense-adds-new-partner-program/240164679

One In Four U.K. Consumers Have Had Online Accounts Hacked

London, UK – 11 December 2013 – As user engagement with ecommerce sites and online services inevitably increases in the run-up to Christmas, new research commissioned by CertiVox finds that almost a quarter (24%) of UK consumers have had their account hacked or data stolen for an online service, with 5% having been compromised more than once.

As consumers continue to head online in their droves to do their Christmas shopping, they expect their details to be secure. However, when asked about the services for which accounts had been hacked, it was found that 25% of the incidents involved Hotmail, 21% involved Facebook and 11% involved Yahoo!, Yahoo! Mail or Y! Mail accounts. Considering a lot of consumers use the same password across a number of sites and many retail sites have customers using email addresses as usernames or allow users to login through Facebook, this will be a worry for online Christmas shoppers. Retail and payment services also featured in the research with 6% of hacking incidents involving PayPal and 4% involving eBay.

The research, conducted by Populus among a representative sample of 2,012 UK respondents, also looked at the actions consumers would take following a data breach, and found that a huge 25% of respondents said that they would terminate a service immediately if their account was compromised or data stolen. This is an alarming figure for companies that have experienced breaches, and for those still relying on the flawed username and password system. In addition, some 16% of respondents said that they would look for an alternative service and move if a suitable replacement was found. Only 37% say they would reset their details and carry on using the service as normal.

Perhaps unsurprisingly, given the number of people who have had accounts or data compromised, the research also found that only 60% of respondents trust the username and password authentication process as a secure way to access online services. 26% don’t trust the process and a further 14% are unsure.

Commenting on the findings, Brian Spector, CEO of CertiVox said, “This research shows that despite the rush of Christmas shopping online, many consumers are wary and believe that the username and password authentication system is not secure enough to protect their data. When you consider this coupled with the fact that the services identified as being hacked the most are some of the biggest names in technology with hundreds of millions, or even billions of users, it is amazing that there hasn’t been a whole-scale move away from usernames and passwords.

“It is clear from the research that services which do not secure their users’ data adequately are likely to start seeing users move away. This should act as a prompt to businesses everywhere to consider their security more carefully than ever before.”

Methodology

The research surveyed a UK representative sample of 2012 adults (18+) on their views on online security in December 2013. Specifically consumers were asked about their views on the username and password system, additional security measures, and their own experience of online security breaches.

-END-

About CertiVox

CertiVox was founded in 2008 based on one simple belief: that every business, enterprise, organization and individual has the right to secure their information simply and easily. Delivering on that belief has enabled us to build a customer base across many industries – government, legal, financial and cloud orchestration – that also includes some of the biggest names in the world. Organizations such as BAE Systems, Hitachi, Intel, Panasonic, Toyota, PKWARE and Parallels have put their trust in CertiVox to help secure their systems.

CertiVox’s proven expertise in both encryption and authentication means we are the only company in the global market today that can arm businesses and individuals with easy-to-use, certificateless security solutions for all things Internet. CertiVox is headquartered in London, UK with offices in Dublin, Ireland and Sofia, Bulgaria.

For more information, visit www.certivox.com

Article source: http://www.darkreading.com/end-user/one-in-four-uk-consumers-have-had-online/240164680

IT Monitoring Leader Anturis Closes $2 Million Series A Round Of Funding

San Francisco, CA – December 9, 2013 – Anturis Inc., a vanguard IT solutions company, today announced that it has closed its $2 million Series A round of funding, led by Runa Capital and VEB Innovations (Vnesheconombank group). The company will use the funds for the international expansion of its popular IT monitoring and troubleshooting solution designed for SMBs (small to medium size businesses) and ISP companies, as well as for further research and development and new marketing and sales initiatives.

Previous investment helped to double the size of Anturis’ workforce, finalize and successfully launch the commercial version of its monitoring service and close deals with several business partners and customers worldwide.

Already a two billion dollar industry, 24×7 IT infrastructure monitoring is a must-have for every organization doing business or representing their brand online. Anturis has bridged the expectation gap between enterprise grade, prohibitively expensive solutions, and open source or DIY choices. Anturis simply offers the IT infrastructure monitoring and troubleshooting service that includes the features any SMB company needs. It’s also simple to set up and use through Anturis’ elegant cloud based interface.

“Today, website and network uptime is critical for most businesses,” said Dmitry Chikhachev, Co-Founder and Managing Partner, Runa Capital. “Anturis brings a solution that is comprehensive but simple to use and does not require a big IT department. We see large potential in Anturis and have a long-term goal to make it the number one monitoring service for the soon to be $1 trillion SMB software market.”

“Our mission is to keep the IT infrastructure of millions of businesses around the world up and running every minute of the day,” said Sergey Nevstruev, Anturis CEO. “To accomplish this we have painstakingly developed the ideal solution, both comprehensive but simple to administer. With this round of funding, we will expand our worldwide reach and help eliminate ‘downtime’ from the business vocabulary.”

Anturis is specifically tailored to meet the needs of SMBs that do not have advanced IT departments or a large IT budget. Anturis delivers enterprise-grade IT infrastructure monitoring and troubleshooting in a simple, affordable and easy-to-setup and use solution.

The Anturis IT monitoring solution provides the ability for:

External monitoring and troubleshooting of Web services

Internal monitoring of servers and applications

Instant, reliable and actionable alerts

Reports, graphs and intuitive infrastructure dashboard

Drill-down tools to find the root of a problem for faster troubleshooting

cPanel WHM integration plugin

Anturis does not require extra hardware resources. There is no complex software to install and maintain, and users do not need to go through tedious configuration to get up and running with the solution.

About Anturis Inc.

A vanguard IT solutions company, Anturis Inc. is the developer of IT infrastructure monitoring and troubleshooting solutions for small to medium sized businesses. Launched in early 2013, Anturis is already used and trusted by customers around the world. Anturis delivers organizations of all kinds a 24×7 comprehensive monitoring and troubleshooting service that is feature rich, affordable and easy to set up and use. Anturis Inc. was founded by successful IT entrepreneurs Serguei Beloussov, Max Tsypliaev and Ilya Zubarev. For more information, or to start using Anturis now, visit www.anturis.com

About Runa Capital

Runa Capital is a $135M venture capital firm established to seek growth opportunities in the rapidly growing areas of the tech sector, with specific focus on cloud computing and other hosted services, virtualization and mobile applications. Partners and fund investors have experience in creating or developing companies with assets worth more than $10 billion. The key execution point is to select promising teams and drive and support them in the global marketplace, turning them into international champions. Runa Capital is run by a team of successful entrepreneurs, most of whom have worked together for over 15 years. Runa Capital’s investments announced to date include: Anturis, Nginx, Jelastic, Ecwid, Zopa, LinguaLeo, BigTime Software, Capptain, Mambu, Rocketbank, Infratel, Dnevnik.ru, Wallarm, Acumatica and others. www.runacap.com

Article source: http://www.darkreading.com/management/it-monitoring-leader-anturis-closes-2-mi/240164681

“Smarter, shadier, stealthier” – Security Threat Report 2014 helps you understand the enemy

Our latest Security Threat Report is out!

It’s a free download (no registration required), and we think you’re going to love it, because it paints a fascinating picture of the evolving threat from cybercrime.

Of course, the report isn’t all doom and gloom about the Bad Guys.

It includes a range of security tips, and a section on proactive protection, entitled Staying Ahead of Today’s Most Sophisticated Attacks.

The report isn’t just about Windows and Windows malware, either.

You’ll find a wealth of information about how the cybercrooks are broadening their attack horizons to the Mac, Linux and Android platforms, too.

This is important material because it necessitates that we broaden our defensive horizons in reply.

The report also looks at the technology and the underground economy behind crimeware tools such as exploit kits, botnets, click fraud, ransomware, and more.

As well as being a fascinating read, the Security Threat Report 2014 will help you to understand and to protect yourself against an enemy that is becoming ever smarter, shadier and stealthier.

What we suggest is that you grab a copy of the report, open it on-screen, and then listen to the short podcast below, as Sophos experts Chester Wisniewski and John Shier talk you through it.

Their passionate and well-informed commentary will give you plenty of food for thought:


By the way, if your job includes promoting better security to other people, for example through talks and articles, don’t miss the Press Kit that goes along with the Threat Report.

The Press Kit includes standalone images from the report that you can use in your own presentations; infographics you can use as supporting evidence in your own articles; and a selection of white papers for further reading:

  • Don’t Let Data Loss Burn a Hole in Your Budget
  • Five Stages of a Web Malware Attack
  • Simple Security Better Security
  • The Rise of Mobile Malware
  • Who’s Snooping on Your Email

Enjoy the report, and don’t be shy to let us know what you think in the comments below. (You may comment anonymously.)

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/fyEJfszMfe4/

NSA Tracks Targets With Google Cookies

Leaked National Security Agency slides reveal that the intelligence agency has been using Google’s tracking cookies to identify targets for offensive NSA hacking operations.

So said a Washington Post report, published Tuesday, which is based on documents leaked by NSA whistleblower Edward Snowden.

According to the documents, both the NSA and its British counterpart, GCHQ, have been using cookies — tracking files placed on users’ systems by websites and advertising networks — to help them track web users they have previously seen. “The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the ‘PREF’ cookie,” according to the Post report. “These cookies typically don’t contain personal information, such as someone’s name or e-mail address, but they do contain numeric codes that enable websites to uniquely identify a person’s browser.”

Read the full article here.


Article source: http://www.darkreading.com/government-vertical/nsa-tracks-targets-with-google-cookies/240164643

Cybercriminals Now Enlisting Database Cloud Services

A new botnet used for stealing commercial online banking credentials relies on database-as-service platforms for command-and-control and storage of stolen booty in what researchers call a warning sign of the very real potential for targeted attacks on databases by outside attackers.

The attackers had infected at least 370 machines within five days via a banking Trojan that was discovered and studied by researchers at Imperva while it was under development by the malware creators. The malware connected to a command and control server and a dropper server, both of which were cloud-based MSSQL databases. The malware ultimately could be used to directly attack databases as well, the researchers say.

“We believe that there is malware addressing the database specifically. I’ve been saying this for as long as I’ve been in this industry, but there was never a sample to catch—we finally [have] one” with that potential, says Barry Shteiman, director of security strategy at Imperva.

Given that most crimeware today is modular and the main vehicle of the attack is the database connection, the malware easily could be expanded to infect databases as well, according to Imperva.

“[The malware] didn’t actually attack the database. But what we see is a trend of the malware being able to connect out of the box; it’s modular,” says Michael Cherny, Application Defense Center Data Research Team Leader. “It could connect to the local database as well. It’s just a matter of the use.”

Database breaches typically occur via a malicious user with administrative privileges, or via an infected end user’s machine whose privileges are escalated so the attacker can impose his will on the database, Shteiman notes. “But malware with database capabilities changes the game,” he says. “All of a sudden, we have virus writers and crimeware kits.”

“On premise, IT knows who it gives users to, who is a DBA and who’s not, and may restrict as much as possible, where in the cloud that is not even an obstacle to hackers, since they can just register as a ‘customer’ of the database-as-a-service platform, get a user, and go from there,” he says.

Shteiman and his team believe malware targeting internal enterprise databases will occur “very soon” based on their findings. In a report on the research published today, the security vendor says such an infection is “inevitable, and compromise of a portion of workstations within a network should be considered an inherent condition.”

And businesses that host their data in the cloud are at risk. “Due to the exposure of the database to technically savvy attackers and to the ease of obtaining a legitimate foothold on such a server, risk factors are increased. This can quickly be turned into a privilege escalation attack,” the report says.

Adrian Lane, analyst and CTO at Securosis LLC, says abusing cloud services for attacks is a natural threat, and database-as-a-service is just another vector for that. “You can spin up cloud instances on demand, using fake or real credit card or debit card accounts, and use them for botnet C&C,” for example, he says.

Stored databases typically are not scanned for malicious content, he says, which makes them even more attractive to the bad guys. Nor do many cloud service providers scan their tenants’ files for viruses, he says. “Second, using the infected database as a platform makes it more difficult to detect activity as the database is a known process, the activity runs within the database — making malicious code more difficult to detect. Third, most IDS [intrusion detection system] platforms don’t look very closely at app-layer traffic,” Lane says.
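Lane's first point, that nobody scans what sits inside database rows, is the easiest of the three to do something about. Below is an added example of mine (not Imperva's or Securosis' code) of the check a defender could run over a tasking table like the dropper database described above: walk every table and column and flag cells that hold a Windows PE image, either as a raw binary or base64-encoded in a text column. An in-memory SQLite database stands in for the cloud MSSQL instance (an assumption made so the example runs anywhere; the header check itself does not depend on the backend), and the fake PE image and the rows are constructed.

```python
import base64
import binascii
import sqlite3
import struct


def build_fake_pe():
    """A minimal, non-executable stand-in for a Windows PE file (constructed for this
    example): a DOS 'MZ' header whose e_lfanew field (offset 0x3c) points at 'PE\\0\\0'."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * 0x3e)          # 64-byte DOS header
    struct.pack_into("<I", dos, 0x3c, e_lfanew)
    return bytes(dos) + b"\x00" * (e_lfanew - len(dos)) + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 64


def looks_like_pe(data):
    """True if data starts with an MZ header whose e_lfanew lands on a PE signature."""
    if not isinstance(data, (bytes, bytearray)) or len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3c)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def as_base64_bytes(text):
    """Decode a text cell as base64 if it is one (and big enough to hold a header), else None."""
    if not isinstance(text, str) or len(text) < 88 or len(text) % 4:
        return None
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def scan_database(con):
    """Walk every table and column; report (table, column, rowid, encoding) for PE images."""
    findings = []
    tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        q = table.replace('"', '""')   # identifiers cannot be bound as parameters: quote them
        cols = [r[1] for r in con.execute(f'PRAGMA table_info("{q}")')]
        for row in con.execute(f'SELECT rowid, * FROM "{q}"'):
            rowid, cells = row[0], row[1:]
            for col, cell in zip(cols, cells):
                if looks_like_pe(cell):
                    findings.append((table, col, rowid, "raw"))
                elif looks_like_pe(as_base64_bytes(cell)):
                    findings.append((table, col, rowid, "base64"))
    return findings


def build_sample_db():
    """Constructed in-memory database shaped like a bot tasking/dropper store,
    with two staged payloads among benign rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tasks (id INTEGER PRIMARY KEY, bot TEXT, cmd TEXT, "
                "payload BLOB, payload_b64 TEXT)")
    pe = build_fake_pe()
    con.executemany("INSERT INTO tasks (bot, cmd, payload, payload_b64) VALUES (?, ?, ?, ?)", [
        ("bot-0001", "sleep 300", None, None),
        ("bot-0002", "run",       pe,   None),                                   # raw PE in a BLOB
        ("bot-0003", "update",    None, base64.b64encode(pe).decode("ascii")),  # PE hidden in TEXT
    ])
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, notes TEXT, avatar BLOB)")
    con.executemany("INSERT INTO customers (name, notes, avatar) VALUES (?, ?, ?)", [
        ("Alice", "MZ account manager", b"\x89PNG\r\n\x1a\n" + b"\x00" * 70),
        ("Bob", base64.b64encode(b"just some text, long enough to pass the size filter, but not a PE").decode("ascii"), None),
    ])
    con.commit()
    return con


if __name__ == "__main__":
    for table, col, rowid, enc in scan_database(build_sample_db()):
        print(f"PE image in {table}.{col} rowid={rowid} ({enc})")
```

On a real MSSQL tenant the same walk would be driven from `INFORMATION_SCHEMA.TABLES` and `INFORMATION_SCHEMA.COLUMNS`, restricted to `varbinary`, `varchar` and `nvarchar` columns, and the header check run on the client side so it does not depend on any server-side scanning the provider may or may not do.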

The new malware discovery by Imperva highlights the inherent dangers of putting sensitive data in the cloud, says Brian Lowans, principal research analyst with Gartner. “What’s sensitive that’s going into the cloud, and what are the risks of storing that data, who’s accessing it, and is the enterprise satisfied with the protection mechanisms in place?” he says.

“This [research] highlights a potential threat, of external access by malware. That’s always present,” Lowans says.

[Independent Oracle Users Group (IOUG) 2013 Enterprise Data Security Survey finds good security practices still a reach goal for the majority of organizations. See 7 Habits Of Highly Secure Database Administrators . ]

Since most enterprise database platforms run in the cloud, they could be vulnerable to cloud-borne attacks, Securosis’ Lane says. “Keep in mind that most enterprise database platforms run in the cloud – Oracle, for example — so they are potentially vulnerable to the same SQL injection and command escalation attacks as normal,” he says. “Some, like SQL Azure, are not the same old relational platforms behind the scenes … the back-end functions are different, so they don’t necessarily have any of the same vulnerabilities as on-prem enterprise database servers.”

So those attacks will work against enterprise databases running in the cloud, but probably not against databases architected for the cloud, he says.

The full report by Imperva is available here (PDF).


Article source: http://www.darkreading.com/attacks-breaches/cybercriminals-now-elisting-database-clo/240164662