This article is more than 1 year old

Amazon's public cloud fingered as US's biggest MALWARE LAIR

Cyber-crooks lurve Bezos & Co's servers and their whitelisted IP addresses

Amazon's public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary.

The claims are in the outfit's "Quarterly Threat Intelligence Report" [PDF], which uses data from Solutionary's ActiveGuard Security and Compliance Platform. It was published on Wednesday.

"Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy," said Rob Kraus, director of research in Solutionary's Security Engineering Research Team (SERT).

The company claimed that the United States provides 4.6 times more software nasties to the world than Germany, the next leading country. Solutionary also reckons Amazon Web Services, web host biz OVH and Google are preferred by malware-slinging crooks.

"The cloud has become a preferred mode for malicious actors who are using cloud computing for many of the same reasons that legitimate customers are," the report stated.

It claimed that ease of website development, the low costs of hosting, and that Amazon and Google-provided IP addresses tend to be trusted on the internet, made the pair's pools of computers an excellent foundation for malware.

"Attackers are leveraging services like Amazon and GoDaddy by either buying services directly or by compromising legitimate domains," the report stated. "These providers are likely targets due to the transient nature of many of their users and the lack of formal hardening."

All cloud providers worth their salt have stringent security policies that give crooks the boot as soon as they're discovered. However, the scale of the clouds operated by the larger companies – tens of thousands to hundreds of thousands of servers with millions of ephemeral jobs per month – means it's a tough gig to spot and shoot down nasties running on the gear.

This isn't the first time Amazon has come in for criticism over what's held in its cloud: in July 2011, security firm Kaspersky said the S3 storage service had been caught hosting the nasty SpyEye banking trojan.

Solutionary's advice for companies wishing to protect themselves from threats served off of the mega-clouds is simple: hire better staff.

"It is possible for an untrained analyst or IT staff member who does not normally handle security to overlook an event or alert because the associated IP address belongs to Google, Amazon or some other well-known provider," the firm wrote. "Over the past few months, SERT has observed an increase of malicious domains being hosted on major hosting providers."

Alongside the cloud research, the report comes with some typical antivirus-vendor scarification: some malware samples gathered late last year were undetectable by at least 40 antivirus engines, and of the files obtained, 26 percent were plain old executables (as opposed to documents that exploit holes in software, we presume).

At the time of writing neither Amazon or GoDaddy had returned to an El Reg request for comment on the report. Companies that think they've spotted malicious activity on AWS can email ec2-abuse at amazon do com. ®

More about

TIP US OFF

Send us news


Other stories you might like