Business Cloud News
Amazon, GoDaddy, LeaseWeb and Google's clouds host nearly half of the world's malware attacks


According to a recently published study on malware distribution, GoDaddy, Amazon, Google and Leaseweb host nearly half of all malware in the world. NTT Group Security, the organisation behind the study, said malware distributors are attracted to the cloud because of the speed with which they can mount their attacks.

But while cloud service providers claim to be doing all they can to prevent malware, Gartner research vice president Jay Heiser told Business Cloud News that they might be doing more harm than good.

The study, published by Solutionary, a division of NTT Group Security, surveyed global malware distribution. According to its authors, the US is the world’s largest host of malware, with 44 per cent of attacks originating from hosting and cloud platforms there.

That’s more than Germany (nine per cent), the Netherlands (seven per cent), France (four per cent), the UK (four per cent), and Italy (three per cent) combined.

Despite being in the market for just seven years, Amazon Web Services was indicated as the largest hosting platform for malware globally with 18 per cent. In other words, nearly one in five malware attacks were originally spun up on Amazon’s cloud.

GoDaddy, which has been in the hosting game for much longer, came in at 14 per cent; LeaseWeb at 13 per cent; and Google at six per cent.

“The information in this report will show our readers how widespread the malware problem truly is and how close it hits to home. We aren’t just talking about foreign espionage campaigns, APTs and breaches; many of these malicious activities are taking place within U.S. borders,” said Solutionary SERT director of research Rob Kraus.

“Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy,” Kraus added.

A spokesperson for Amazon Web Services declined to comment on the report but told Business Cloud News that AWS “employs a number of mitigation techniques, both manual and automated, to prevent the misuse of the services.”

“Our terms of usage are clear and when we find misuse we take action quickly and shut it down,” she said.

GoDaddy’s chief information security officer Todd Redfoot told BCN that the company actively tracks malware issues throughout the cloud and hosting industry in an effort to reduce customer impact.

“Our security operations team monitors potential abuse, aggressively investigates complaints and works with customers to promote safe practices,” he added.

Public cloud platforms that offer compute and storage facilities with high bandwidth and availability at low prices are becoming more effective platforms for malware attacks because of the speed at which they can be used.

But while some have expressed concerns over the practices put in place to limit nefarious use of these platforms, and over efforts to reduce the exposure of their legitimate users to malware attacks, some analysts believe the risk profile is a bit overblown.

“I don’t see a huge risk to legitimate users of commercial cloud services just because they are co-resident with hackers,” said Jay Heiser, a research vice president and senior IT security analyst at Gartner. “There probably are some security implications but generally, the same things that protect customers from one another in a co-tenancy environment are the same things that protect them from hackers.”

“It was arguably the hacker community that pioneered the concept of cloud computing. I would characterise botnets as a form of cloud – it’s a multitenant, distributed, shared processing environment. Why wouldn’t they gravitate to commercial clouds as well?” he said.

Heiser explained that if these services are paid for with a credit card, and one can easily steal a credit card, these hackers essentially have access to computing on demand that can’t be traced back easily. And the sheer volume of users makes it impractical for any of these providers to effectively monitor that kind of activity before it’s too late.

When it comes to what these cloud service providers can do about it, “that raises some interesting issues.”

“Beyond looking at what they can practically do there are a number of good reasons why they would resist this. One is, particularly in the English speaking countries, the issue of liability – if CSPs establish themselves as having responsibility for policing their customers that might put them in a position of liability in case one of their customers misbehaves,” Heiser said.

“There’s also a public relations impact: do they really want a reputation of being Big Brother, especially given the recent Snowden revelations? Who will want to use a cloud service provider that has a reputation for surveilling the activities of their customers?” he added. “It seems like a lose-lose. So they have every incentive in a litigious-prone society to avoid these practices.”