Amazon Cloud Hosts Malware

While it may be true that cloud computing is the “future,” are will all great new things there are still some issues to be ironed out.

It seems that it isnt just legitimate businesses that take advantage of the storage and saving opportunities that the cloud offers. On 28 July, Kaspersky Labs security researcher reported about a malware service running on Amazon’s S3 cloud:

From the article:

Despite being a paid service, the cost is not an obstacle for profitable attackers. In fact, my colleague Dmitry Bestuzhev recently told us about the spread of malware exploiting this service to “the cloud”.

The truth is that these cases are not isolated. According to our research, cybercriminals have been running SpyEye activities and from Amazon for the past couple of weeks.

From the research, it seems that even the difficulty in needing a legitimate identity and payment method hasnt deterred criminals from using S3 to spread malware.

There isnt much you as an individual can do about this but keep in mind the fact that criminals can, and will (and are) using this as a platform to mount attacks. It is only a matter of time before someone works out how to use malicious software on one cloud instance to find a weakness separating the instances which allows them to compromise other accounts data.

Taz Wake - Halkyn Security

Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.