Thursday, February 28, 2008 by Mistlee
Protecting Systems From "Malware As A Service"
Interesting new research was released today on Malware as a Service, with credentials stolen, and researchers cracking malware.
Security Company Finjan reports the first indication that the theft of FTP credentials was caused by hackers installing code at the Software as a Service (SaaS) level.
What's notable about this development is that hackers are using a software as a service (SaaS) model to deliver applications that are designed to abuse and trade FTP accounts. According to Finjan, this database may be the first use of SaaS for something other than legitimate means. Maybe we could call it HaaS: Hacking as a service. Source: ZDNet It looks like that this was a stand alone application that was installed on the server level, and enabled hackers to work behind the scenes to gather login information by mimicking a SaaS application.
Much like early trojaned applications, on the surface it looked like it was behaving normally, but in reality it was also performing functions that the hackers wanted it to perform.
This is part of the problem with security 2.0, with a distributed application, hackers can take advantage of any section of the process, and security engineers are ill equipped to deal with this kind of attack. There are few tools that will follow the application firing string along multiple systems, running multiple snippets of code, in a distributed hierarchy.
This is where and when security engineers need to understand the "why does it work the way it works, and where is it working across the framework" level of application hacking. Distributed applications make security harder, but not impossible, just finding the Malware as a Service (MaaS), we can better understand how this happened, where it happened in the hierarchy, and how to better protect our systems against these kinds of attacks. | |
|
0 comments:
Post a Comment