Cyber-Criminals Turn to Big U.S. Web Hosts to Spread Malware
Two studies, one produced by Cisco and the other by Solutionary, find that cyber-attackers increasingly use popular U.S. cloud services as a launching point for malware.The stereotype may be that online attackers hide their operations on servers away from the mainstream Internet. But many attackers—like prudent business people—host their operations close to their targets and on well-known Web services, according to two studies published this week. In its fourth-quarter 2013 Threat Intelligence Report released on Jan. 15, security services firm Solutionary found that the United States hosted 44 percent of all malware operations and that the top 10 malware-hosting ISPs—all large, well-known service providers—accounted for 29 percent of all malware. The data suggests that large hosting providers, such as Amazon and GoDaddy, offer benefits for not just legitimate businesses, but for the bad guys as well, Rob Kraus, Solutionary's director of research, told eWEEK. "It is not a surprise that any particular cloud provider is hosting malware," he said. "Anything that is created with good intent can be used for malicious intent." Examples of the strategy have already been noted by security professionals. Since May 2013, a hacking group has used Amazon's EC2 cloud to host servers from which they scraped data from hundreds of thousands of LinkedIn accounts, according to a lawsuit filed by LinkedIn and reported by Ars Technica. And in 2011, virtual servers based in Amazon's cloud were reportedly used to attack Sony and compromise the accounts of some 100 million Sony users.
Cloud providers excel at providing instant access to significant resources with just a valid credit card, allowing criminals to use a stolen account to gain access to a great deal of computing power for hours, and most likely days, before they are shut down—long enough to use the servers to spread malware.