AWS Increasingly Being Used As Malware Hub
Cloud services have become popular for end users and businesses alike. Since more businesses are moving their apps to the cloud, logic would tell you that it only makes sense for hackers to begin to targeting the cloud. A new study published by Solutionary broke down the top ten public cloud providers based malware reports. In Q4 2013, AWS represented only 16% of the total malicious apps found in the study. By Q2 2014, that number has increased more than two fold with AWS representing 41% of the top 10 service providers who are found to host malware.
That doesn’t mean that AWS has a gaping security flaw of any sorts. It simply means that the platform has become so popular that not only is it businesses first choice in cloud, its also malicious coder’s first choice as well. When looking at the study, it is easy to see that cloud has become a bigger target for hackers in the past 6 months. For example, Euro provider OVH, Akamai and Google all saw rises in malware being hosted in their clouds. GoDaddy, on the other hand, had a reduction in malware over the past 6 months.
Chad Kahl, security analyst for Solutionary, talked with the Register about how these malware empires start out. Kahl mentions, “When you start going into the underground forums – the Russian forums, the Chinese forums – they don’t just sell a Zeus malware package, they’ll sell you an entire command-and-control infrastructure and a phishing website to set up, and a drive-by-download website to set up. You go to them and its crime-as-a-service. It’s truly script kiddies on a major scale.”
An AWS spokesperson responded to the report by saying, “We have automatic systems in place that detect and block many attacks before they leave our infrastructure. Our terms of usage are clear and when we find misuse we take action quickly and shut it down. Companies that do see malicious activity originating from AWS should contact us immediately at ec2-abuse@amazon.com.”
