Dethroning Ransomware Infections in the Cloud Databases used for Modern Applications
Attackers are targeting cloud databases used for modern applications to subvert the integrity and confidentiality of the stored data. Databases such as MongoDB and Elasticsearch are being infected with ransomware and exploited in the wild for data exfiltration and data destruction. In this talk, we present the threat landscape of ransomware and botnet infections in databases deployed for modern applications. The talk unveils techniques and tactics for detecting ransomware and botnet infections in cloud databases, with practical demonstrations of detecting real-world infections using tools developed for this purpose. The audience can use the tools to conduct efficient security assessments of cloud databases against stringent infections. The talk equips threat researchers and penetration testers to build threat intelligence that can be consumed at large scale.