Feeds

Amazon's public cloud fingered as US's biggest MALWARE LAIR

Cyber-crooks lurve Bezos & Co's servers and their whitelisted IP addresses

Combat fraud and increase customer satisfaction

Amazon's public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary.

The claims are in the outfit's "Quarterly Threat Intelligence Report" [PDF], which uses data from Solutionary's ActiveGuard Security and Compliance Platform. It was published on Wednesday.

"Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy," said Rob Kraus, director of research in Solutionary's Security Engineering Research Team (SERT).

The company claimed that the United States provides 4.6 times more software nasties to the world than Germany, the next leading country. Solutionary also reckons Amazon Web Services, web host biz OVH and Google are preferred by malware-slinging crooks.

"The cloud has become a preferred mode for malicious actors who are using cloud computing for many of the same reasons that legitimate customers are," the report stated.

It claimed that ease of website development, the low costs of hosting, and that Amazon and Google-provided IP addresses tend to be trusted on the internet, made the pair's pools of computers an excellent foundation for malware.

"Attackers are leveraging services like Amazon and GoDaddy by either buying services directly or by compromising legitimate domains," the report stated. "These providers are likely targets due to the transient nature of many of their users and the lack of formal hardening."

All cloud providers worth their salt have stringent security policies that give crooks the boot as soon as they're discovered. However, the scale of the clouds operated by the larger companies – tens of thousands to hundreds of thousands of servers with millions of ephemeral jobs per month – means it's a tough gig to spot and shoot down nasties running on the gear.

This isn't the first time Amazon has come in for criticism over what's held in its cloud: in July 2011, security firm Kaspersky said the S3 storage service had been caught hosting the nasty SpyEye banking trojan.

Solutionary's advice for companies wishing to protect themselves from threats served off of the mega-clouds is simple: hire better staff.

"It is possible for an untrained analyst or IT staff member who does not normally handle security to overlook an event or alert because the associated IP address belongs to Google, Amazon or some other well-known provider," the firm wrote. "Over the past few months, SERT has observed an increase of malicious domains being hosted on major hosting providers."

Alongside the cloud research, the report comes with some typical antivirus-vendor scarification: some malware samples gathered late last year were undetectable by at least 40 antivirus engines, and of the files obtained, 26 percent were plain old executables (as opposed to documents that exploit holes in software, we presume).

At the time of writing neither Amazon or GoDaddy had returned to an El Reg request for comment on the report. Companies that think they've spotted malicious activity on AWS can email ec2-abuse at amazon do com. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.