Feeds

Amazon's public cloud fingered as US's biggest MALWARE LAIR

Cyber-crooks lurve Bezos & Co's servers and their whitelisted IP addresses

Boost IT visibility and business value

Amazon's public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary.

The claims are in the outfit's "Quarterly Threat Intelligence Report" [PDF], which uses data from Solutionary's ActiveGuard Security and Compliance Platform. It was published on Wednesday.

"Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy," said Rob Kraus, director of research in Solutionary's Security Engineering Research Team (SERT).

The company claimed that the United States provides 4.6 times more software nasties to the world than Germany, the next leading country. Solutionary also reckons Amazon Web Services, web host biz OVH and Google are preferred by malware-slinging crooks.

"The cloud has become a preferred mode for malicious actors who are using cloud computing for many of the same reasons that legitimate customers are," the report stated.

It claimed that ease of website development, the low costs of hosting, and that Amazon and Google-provided IP addresses tend to be trusted on the internet, made the pair's pools of computers an excellent foundation for malware.

"Attackers are leveraging services like Amazon and GoDaddy by either buying services directly or by compromising legitimate domains," the report stated. "These providers are likely targets due to the transient nature of many of their users and the lack of formal hardening."

All cloud providers worth their salt have stringent security policies that give crooks the boot as soon as they're discovered. However, the scale of the clouds operated by the larger companies – tens of thousands to hundreds of thousands of servers with millions of ephemeral jobs per month – means it's a tough gig to spot and shoot down nasties running on the gear.

This isn't the first time Amazon has come in for criticism over what's held in its cloud: in July 2011, security firm Kaspersky said the S3 storage service had been caught hosting the nasty SpyEye banking trojan.

Solutionary's advice for companies wishing to protect themselves from threats served off of the mega-clouds is simple: hire better staff.

"It is possible for an untrained analyst or IT staff member who does not normally handle security to overlook an event or alert because the associated IP address belongs to Google, Amazon or some other well-known provider," the firm wrote. "Over the past few months, SERT has observed an increase of malicious domains being hosted on major hosting providers."

Alongside the cloud research, the report comes with some typical antivirus-vendor scarification: some malware samples gathered late last year were undetectable by at least 40 antivirus engines, and of the files obtained, 26 percent were plain old executables (as opposed to documents that exploit holes in software, we presume).

At the time of writing neither Amazon or GoDaddy had returned to an El Reg request for comment on the report. Companies that think they've spotted malicious activity on AWS can email ec2-abuse at amazon do com. ®

Boost IT visibility and business value

More from The Register

next story
HP busts out new ProLiant Gen9 servers
Think those are cool? Wait till you get a load of our racks
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Community chest: Storage firms need to pay open-source debts
Samba implementation? Time to get some devs on the job
Like condoms, data now comes in big and HUGE sizes
Linux Foundation lights a fire under storage devs with new conference
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
Gamma's not a goner! UK ISP sorts out major outage
Says BT is the root of the problem
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.