Saturday, October 25, 2014

RESEARCH: Cloud Providers Ignoring Malware-Laden Hosts

During our recent research we have seen an uptick in the number of cloud hosting providers that are hosting malware, viruses and other malicious content. The elastic nature of cloud provisioning lets attackers take over legitimate customers' sites shortly after they are provisioned, before any security settings have been applied. In our testing, the average time from provisioning until a site was infected or compromised was less than 25 minutes.

This is troubling. Attackers appear to favour these cloud environments because of the lack of security controls at the moment a node is brought online. Just as quickly as compromised nodes appear, they can be taken offline and re-provisioned, and the process begins again: a cat-and-mouse game at its finest.
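The exposure window described above exists because the node boots reachable from the Internet before anyone has hardened it. One way to close it is to put the hardening into the provisioning data itself, so it runs on first boot before any application service is listening. The cloud-init user-data below is an added example, not something taken from the original post or from any provider; it assumes a Debian/Ubuntu image with iptables already present (standard in the distro cloud images), and the admin source range 203.0.113.0/24, the user name `ops` and the SSH public key are placeholders to replace.

```yaml
#cloud-config
# Added example (not from the original post): first-boot hardening so the
# instance is never reachable in an unhardened state.
# Assumes an Ubuntu/Debian image with iptables installed.
# 203.0.113.0/24, the user "ops" and the SSH key are placeholders.

# bootcmd runs early on EVERY boot, before the package and runcmd stages,
# so the default-deny policy is already in force when any service installed
# later starts listening. The "-C ... || -A ..." idiom keeps the rule
# additions idempotent across reboots.
bootcmd:
  - iptables -P INPUT DROP
  - iptables -P FORWARD DROP
  - iptables -C INPUT -i lo -j ACCEPT || iptables -A INPUT -i lo -j ACCEPT
  - iptables -C INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  - iptables -C INPUT -p tcp --dport 22 -s 203.0.113.0/24 -j ACCEPT || iptables -A INPUT -p tcp --dport 22 -s 203.0.113.0/24 -j ACCEPT

# Key-only SSH for a non-root user: nothing for a password brute-forcer to hit.
disable_root: true
ssh_pwauth: false
users:
  - name: ops
    groups: sudo
    shell: /bin/bash
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYREPLACEME ops@example.com

# Patch before the application stack is installed; the web server starts
# with the INPUT chain already defaulting to DROP.
package_update: true
package_upgrade: true
packages:
  - nginx
  - iptables-persistent

# runcmd runs once, on first boot, after packages are installed. Only now,
# with the service in place, are its ports opened and the ruleset saved so
# that iptables-persistent restores it on later boots.
runcmd:
  - iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  - iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  - netfilter-persistent save
```

Pass this as the instance user-data at launch (for example through the provider's API or console). The ordering is the point: the default-deny firewall and key-only SSH are applied by cloud-init's early boot stage, the application packages are installed afterwards, and the service ports are opened last, so there is no interval in which the node listens on the Internet with nothing protecting it. Narrow the SSH source range to your actual management network; an admin CIDR of 0.0.0.0/0 would reopen the door the example is meant to close.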

We are also noting that many malware C&C (command-and-control) servers are hosted on a handful of cloud providers, including Amazon and Cisco web services clouds. Blocking by IP address or hostname is difficult in some cases because hundreds or even thousands of legitimate hosts may be NATed behind a single IP, so a block aimed at one C&C server also cuts off every legitimate tenant sharing that address.

