Feeds

Amazon's public cloud fingered as US's biggest MALWARE LAIR

Cyber-crooks lurve Bezos & Co's servers and their whitelisted IP addresses

5 things you didn’t know about cloud backup

Amazon's public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary.

The claims are in the outfit's "Quarterly Threat Intelligence Report" [PDF], which uses data from Solutionary's ActiveGuard Security and Compliance Platform. It was published on Wednesday.

"Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy," said Rob Kraus, director of research in Solutionary's Security Engineering Research Team (SERT).

The company claimed that the United States provides 4.6 times more software nasties to the world than Germany, the next leading country. Solutionary also reckons Amazon Web Services, web host biz OVH and Google are preferred by malware-slinging crooks.

"The cloud has become a preferred mode for malicious actors who are using cloud computing for many of the same reasons that legitimate customers are," the report stated.

It claimed that ease of website development, the low costs of hosting, and that Amazon and Google-provided IP addresses tend to be trusted on the internet, made the pair's pools of computers an excellent foundation for malware.

"Attackers are leveraging services like Amazon and GoDaddy by either buying services directly or by compromising legitimate domains," the report stated. "These providers are likely targets due to the transient nature of many of their users and the lack of formal hardening."

All cloud providers worth their salt have stringent security policies that give crooks the boot as soon as they're discovered. However, the scale of the clouds operated by the larger companies – tens of thousands to hundreds of thousands of servers with millions of ephemeral jobs per month – means it's a tough gig to spot and shoot down nasties running on the gear.

This isn't the first time Amazon has come in for criticism over what's held in its cloud: in July 2011, security firm Kaspersky said the S3 storage service had been caught hosting the nasty SpyEye banking trojan.

Solutionary's advice for companies wishing to protect themselves from threats served off of the mega-clouds is simple: hire better staff.

"It is possible for an untrained analyst or IT staff member who does not normally handle security to overlook an event or alert because the associated IP address belongs to Google, Amazon or some other well-known provider," the firm wrote. "Over the past few months, SERT has observed an increase of malicious domains being hosted on major hosting providers."

Alongside the cloud research, the report comes with some typical antivirus-vendor scarification: some malware samples gathered late last year were undetectable by at least 40 antivirus engines, and of the files obtained, 26 percent were plain old executables (as opposed to documents that exploit holes in software, we presume).

At the time of writing neither Amazon or GoDaddy had returned to an El Reg request for comment on the report. Companies that think they've spotted malicious activity on AWS can email ec2-abuse at amazon do com. ®

Build a business case: developing custom apps

More from The Register

next story
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
VMware's high-wire balancing act: EVO might drag us ALL down
Get it right, EMC, or there'll be STORAGE CIVIL WAR. Mark my words
Forrester says it's time to give up on physical storage arrays
The physical/virtual storage tipping point may just have arrived
VMware vaporises vCHS hybrid cloud service
AnD yEt mOre cRazy cAps to dEal wIth
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.