
Database as a Service malware - codelion
http://www.imperva.com/docs/HII_Assessing_the_Threat_Landscape_of_DBaaS.pdf#!
======
zaroth
I would not describe this as "Database as a Service malware". What the report
is discussing is malware operators are starting to be paying customers of the
DBaaS providers.

The DBaaS is not a victim, except so far as their capabilities are being used
for evil. And the malware is not posing as a DBaaS operation just to get your
PII, hah , that would be a long con if it's happening. So title is a bit
misleading.

Malware operators take advantage of the latest tech the same way we all
should. They are trusting their C&C to the cloud based database, which is some
pretty valuable property. So at least to some extent it's an endorsement.

Ultimately the realization is that data isn't secure anywhere you store it.
Outsourcing it early might be beneficial, and ultimately you may have to bring
it back local if it gets to that point. So DBaaS is a hedged bet that lets you
focus on other things. Some applications can take that hedge, some can't. But
it's a big and growing market.

