Security vendor Imperva says its new Hacker Intelligence Initiative report, “Assessing the Threat Landscape of DBaaS”, points to a new malware platform for cybercriminals: Database as a Service (DBaaS). The report concludes that by bringing data one step closer to hackers, DBaaS makes it possible for hackers to compromise an organization’s database without accessing its network – ultimately increasing the risk of a data breach.
The report identified two factors that increase risk to corporate data: the relative ease of accessing cloud databases, as well as the ease of quickly turning a legitimate foothold on these servers into a privilege escalation attack.
The report says malware is now capable of connecting to both local and remote databases to retrieve, manipulate and exfiltrate information. It also claims that malware can leverage DBaaS for botnet management (e.g., Command & Control as well as Dropper functionality). It concludes that cloud databases are prone to attacks via both privilege escalation and exposed vulnerabilities, as opposed to on-premise databases, which are mostly compromised via privilege escalation.
“Our research suggests that we will soon see autonomous malware targeting internal databases within organizations – which we believe would lead to a greater risk of infection and compromise within a network,” said Stree Naidu, Vice President, Imperva, Asia Pacific and Japan. “Organizations need to take the risks posed by cloud services into consideration as they decide which data they want to store externally, and adopt a mitigation strategy accordingly.”
According to Imperva, the technology used by the malware suggests that autonomous malware targeting internal databases within organizations will very soon become a reality. Imperva claims that infection is inevitable, and that compromise of a portion of the workstations within a network should be considered an inherent condition. It recommends that organizations improve controls around data stores as a mitigation strategy, focusing on technologies like database audit and database activity monitoring (DAM).
It notes that hosting data in the cloud exposes organizations to higher risks than originally perceived: the database is exposed to technically savvy attackers, and a legitimate foothold on such a server is easy to obtain and can quickly be turned into a privilege escalation attack. The report should also serve as a wake-up call for service providers to look at deploying virtual patching solutions.