Cyber Security Institute

Tuesday, October 30, 2012

Lack of abuse detection allows cloud computing instances to be used like botnets, study says

Some cloud providers fail to detect and block malicious traffic originating from their networks, which provides cybercriminals with an opportunity to launch attacks in a botnet-like fashion, according to a report from Australian security consultancy firm Stratsec. The experiments involved sending different types of malicious traffic from remotely controlled cloud instances (virtual machines) to a number of test servers running common services such as HTTP, FTP and SMTP.

[These] botnets would be relatively easy to set up and administer if one learns the cloud provider’s API (application programming interface), would take less time to build than traditional botnets because replicating cloud instances can be done very fast, would be more stable because cloud instances have a very good uptime, would be more effective because of the increased computing power and bandwidth available to the cloud instances, and wouldn’t cost much, Hayati said. For example, this type of botnet is probably not very resilient to takedown efforts, because cloud providers will likely shut down the offending cloud instances once they receive an abuse notification from security researchers or victims.