"Ransomware" or "Ransom-War:" Evolving Landscape of Threats in Cloud Databases
The attackers are targeting cloud databases used for modern applications to subvert the integrity and confidentiality of the stored data. Databases, including MongoDB, Elasticsearch, etc., are being infected with ransomware and exploited in the wild to conduct data exfiltration and data destruction. This talk will present a threat landscape of ransomware and botnet infections in the databases deployed for modern applications. The talk unveils the techniques and tactics for detecting ransomware and botnet infections in cloud databases by practically demonstrating the detection of real-world infections using developed tools. The audience can use the tools to conduct an efficient security assessment of cloud databases against severe infections. The talk equips threat researchers and penetration testers to build threat intelligence that can be consumed at a large scale. The audience will visualise real-time ransomware detection in cloud databases, including interesting insights into how these databases are compromised.