Imperva: Cloud database services become a new malware platform

"Tenkine Server channel December 23 News" Recently, Imperva company released the latest Hacker Intelligence Action Report "Evaluation dhttp://www.aliyun.com/zixun/aggregation/13925.html" > Baas threat environment, through in-depth analysis of malicious software that uses shared host databases to command, control, and delete servers, discovers that Dbaas is a new malware platform exploited by hackers. The report also points out that Dbaas makes hackers closer to data and even attacks enterprise databases without access to the network, which undoubtedly increases the risk of data disclosure.

Imperva chief technology Officer Amichai Shulman said: "According to our research, you will soon notice the autonomous malware for the internal database of the enterprise." We think this will lead to a greater risk of data being infected and network attacks. Companies should take into account the risks associated with cloud services when deciding what data to keep in the cloud, and what strategies to take to deal with the risks. ”

In addition to the high risk of these obvious cloud services, the report also highlighted two factors that increase the risk of enterprise data: Access to cloud databases is relatively easy, and it is easier to quickly transform the legitimate paths of these servers into privilege elevation attacks. Other major findings include:

· Malware can now connect to local and remote databases to retrieve, manipulate, and divulge information.

· Malware can take full advantage of Dbaas for zombie network management (e.g. command, control, and delete computer functions)

· Local databases are often attacked because of elevated privileges, and cloud databases are more vulnerable because of elevation of privilege and vulnerability to exposure

Imperva is the pioneer and leader in the third largest enterprise security pillar, which fills the gap between endpoints and cyber defenses by directly protecting High-value applications and data assets in physical and virtual data centers. With a wide range of integrated security platforms tailored to today's security threats, Imperva data Center security solutions provide customers with the visibility and control they need to eliminate threats such as attack, theft, and fraud from within and outside the enterprise, reduce risk, and achieve regulatory compliance in a cost-effective manner. Imperva has more than 2,700 users in more than 75 countries and relies on our securesphere® platform to secure their business. Imperva is headquartered in the Redwood Coast of California, USA.