Slashdot Mirror


'Lurking Malice' Study Finds Malware Hiding In The Cloud (gatech.edu)

"Cloud repositories have become the hub of malicious web activities," warns one computer engineering professor. An anonymous reader quotes SC magazine: A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites. Researchers...scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the "Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service" report [PDF]...

[According to the researchers] threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide... service providers which are bound by privacy commitments and ethical concerns tend to avoid inspecting their customers' repositories without proper consent and even when they are willing to inspect them it is difficult to spot malicious content.

45 comments

  1. Bernie Sanders 2020 by Anonymous Coward · · Score: 0

    NT

  2. Why are not the host of these cloud services by Anonymous Coward · · Score: 0

    Not doing the scanning and removing the malware?

    1. Re:Why are not the host of these cloud services by Anonymous Coward · · Score: 0

      They can! You just have to pay the malware scanning and mitigation fee.

      Oh, you don't want the service to cost more?

    2. Re: Why are not the host of these cloud services by WarJolt · · Score: 1

      The cloud providers are not police men. They have no responsibility to make sure their customers are following their policies. They do have a responsibility to shut them down when a violation is found.

      They also have very little incentive to stop something that isn't really affecting their service or their brand. Most people don't even know where malware is hosted.

    3. Re: Why are not the host of these cloud services by mlts · · Score: 1

      Very true, they don't have a responsibility to police users, but if their IP range starts getting known for malware, it is likely that IP range will wind up on blackhole lists, and that is a black eye for the cloud provider when clients start complaining they can't reach other businesses.

    4. Re: Why are not the host of these cloud services by Ol+Olsoc · · Score: 2

      The cloud providers are not police men. They have no responsibility to make sure their customers are following their policies.

      Congratulations for showing exactly why the cloud shouldn't be used.

      If your cloud isn't protecting you, or they just give the "It's not our responsibility" bullshit, you just have to put up with whatever they serve you. You are just another customer.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  3. Bernie Sanders 2020 by Anonymous Coward · · Score: 0

    NT.

  4. Bernie Sanders 2020 by Anonymous Coward · · Score: 0

    NT...

  5. Why do we care? by Cigaes · · Score: 4, Insightful

    Malware is a problem when people try to execute it. Malware laying in “cloud repositories” (what does that even mean?) is doing no harm except waste place. Why waste even more energy trying to scan it? Or even study it?

    1. Re:Why do we care? by Dutch+Gun · · Score: 2

      Because that's how it's distributed to clients, of course. To use an analogy: "guns only kill when they're fired at people". Therefore, we should take no notice of our aggressive neighbor amassing an army on our border.

      I do agree that "cloud repositories" is a pretty buzzword-bingo way to describe "e-mail and web servers".

      --
      Irony: Agile development has too much inertia to be abandoned now.
    2. Re:Why do we care? by sumdumass · · Score: 1

      Yes, why have a loaded handgun at a preschool and leave it laying on the table next to all the toys?

      People are inherently stupid. Even the ones who think they are smart tend to be stupid in at least several ways. If it is there, someone will execute it eventually. I used to have a small script that would ping a certain IP address every time it was executed. The firewall for the system at this address would alert me every time it was pinged from inside the network. It was a simple .bat file and I would name it things like "do.not.open.pdf.bat" or "click.this.and.computer.crashes.bat". At least once a year someone would try to open it and I would know more on which workstations I needed to lock down strictly and which ones I could leave the user with some freedom. Every system had it on it, but only a few - usually disgruntled employees - would venture into the inner workings and open it.

      But more interesting would be how it got there in the first place. Was it just part of a backup of a previous infection already dealt with? If so, the need to restore that data could restore the infection. Has somebody hacked the cloud account and is using it to host the files for when some downloader Trojan on another system gets pwned? Or is there an insider working to set up the right time to infest the company and sneak away with lots of valuable data like customer lists, proprietary secrets and so on just before they leave and start their own company? Or is it a dead man switch payload for a semi-disgruntled employee to activate several days after he doesn't log into a specific machine?

      If all those are satisfactorily answered, then sure, what is the harm. If not, I would assume answering them, and more I didn't think of, would be the harm.
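The alerting side of the decoy-file setup described in the comment above, as an added example that is not part of the original thread: it reads firewall log lines, keeps only ICMP echo requests sent from inside the network to the decoy's address, and collapses each burst of pings into one trigger per workstation. The log format, the addresses and the names `CANARY_IP`, `INTERNAL_NET`, `parse_line` and `canary_triggers` are all assumptions made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# All addresses and the log format below are constructed for illustration.
CANARY_IP = ipaddress.ip_address("192.0.2.10")        # address the decoy pings
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # workstation range

SAMPLE_LOG = """\
2016-11-14T09:12:03 action=allow proto=icmp src=10.20.4.17 dst=192.0.2.10 type=8
2016-11-14T09:12:04 action=allow proto=icmp src=10.20.4.17 dst=192.0.2.10 type=8
2016-11-14T09:30:41 action=allow proto=tcp src=10.20.7.2 dst=192.0.2.10 dport=443
2016-11-14T10:02:19 action=allow proto=icmp src=10.20.9.88 dst=198.51.100.5 type=8
2016-11-15T16:45:00 action=allow proto=icmp src=203.0.113.9 dst=192.0.2.10 type=8
2016-11-16T08:01:55 action=allow proto=icmp src=10.20.31.6 dst=192.0.2.10 type=8
garbage line the parser must skip
2016-11-16T08:02:10 action=allow proto=icmp src=10.20.31.6 dst=192.0.2.10 type=0
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return a dict for a well-formed log line, or None if it is malformed."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    try:
        fields["when"] = datetime.fromisoformat(ts)
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
    except (KeyError, ValueError):
        return None
    return fields

def canary_triggers(log_text, burst=timedelta(seconds=60)):
    """Map each internal source IP to the start times of its decoy triggers."""
    triggers = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Only ICMP echo requests (type 8) count; replies and other protocols do not.
        if rec.get("proto") != "icmp" or rec.get("type") != "8":
            continue
        # The alert is for pings to the decoy address coming from inside the network.
        if rec["dst"] != CANARY_IP or rec["src"] not in INTERNAL_NET:
            continue
        starts = triggers[str(rec["src"])]
        # One run of the decoy sends several pings; count packets arriving
        # within `burst` of the current trigger's start as the same event.
        if not starts or rec["when"] - starts[-1] > burst:
            starts.append(rec["when"])
    return dict(triggers)

if __name__ == "__main__":
    for host, times in canary_triggers(SAMPLE_LOG).items():
        print(host, [t.isoformat() for t in times])
```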

    3. Re:Why do we care? by Cigaes · · Score: 1

      Your analogy is flawed in two ways.

      First, “cloud repositories” are not used just to distribute malware. But that is not the most important.

      Second, if someone shoots me with a gun, I die, I do not have any choice. If someone hands me malware, I ignore it and move to something else.

      Malware is a non-issue. The real issue is the abysmal security of consumer devices and software.

    4. Re:Why do we care? by SeaFox · · Score: 2

      Malware is a problem when people try to execute it. Malware laying in "cloud repositories" (what does that even mean?).

      It means pundits get to coin a new web.0 term -- Dark Cloud .

    5. Re:Why do we care? by Anonymous Coward · · Score: 0

      Get off your high horse and think with something other than your attention-seeking ego, and you will realize that "malware on the cloud" is about the most ill-defined term imaginable. It is nothing like a loaded gun on the table in a preschool. It is like a loaded gun existing in the same universe as a preschool. The "cloud" is nothing but a marketing hype term, largely synonymous with the word "internet".

    6. Re:Why do we care? by Dutch+Gun · · Score: 2

      The problem with analogies is that they're all flawed in some way. I should know better by now, because invariably the arguments focus on the analogy rather than the point being made. Fine, forget the analogies.

      I'd agree that consumer device security is a major issue (especially with the short supported lifespans of phones and IoT devices), but I think analysis of malware is important in creating better security by analyzing attack patterns. I'm not sure how you could argue that the two are unrelated.

      If someone hands me malware, I ignore it and move to something else.

      Oh, if only it were that simple. There are examples of malware that require no user interaction in order to compromise a machine, as demonstrated by the semi-recent Stagefright flaws in Android, or any number of "go to this webpage and you're infected" attacks in the past. The reason critical-rated vulnerabilities are often so labeled is because there's nothing a user can do to mitigate it, short of avoiding it or disabling the offending feature - one of the reasons many people like myself block ads. These are a bit more rare than they used to be, but they still show up once in a while.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    7. Re:Why do we care? by sumdumass · · Score: 1

      lol.. The cloud is little more than hosted services outside the premise. There is no high horse or anything involved. It is about risks and mitigation just like the loaded handgun. If you don't want it going off unintentionally, don't leave it where it can. The same with malware, why even have it on your network unless you want it there?

    8. Re:Why do we care? by Anonymous Coward · · Score: 0

      Cigaes is a moron.

    9. Re:Why do we care? by Anonymous Coward · · Score: 0

      Or one can use iOS where malware on the platform is not an issue.

    10. Re:Why do we care? by roc97007 · · Score: 1

      That doesn't appear to be true. Although it does appear to be a common belief amongst apple fans.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    11. Re:Why do we care? by rtb61 · · Score: 1

      Cloud repository is simply a digital warehouse for digital data. By that same token, real-world warehouses are responsible for what they store and what they distribute and the law should be exactly the same for the digital warehouse. So what law do you propose to stop digital warehouses fucking purposefully distributing malware, the oops tee hee, I didn't know it was there and we were doing it, giggle, giggle, giggle. You distribute malware at a professional level, then prepare to face the legal consequences for doing so, otherwise do not claim to be a professional service and prepare to be shut down.

      --
      Chaos - everything, everywhere, everywhen
    12. Re:Why do we care? by Anonymous Coward · · Score: 0

      You may ignore the malware (and probably be ignorant of it as well). The malware is definitely not going to ignore your resources and your data. When you finally suffer some data leak or loss you will start paying attention to it.

    13. Re:Why do we care? by Anonymous Coward · · Score: 0

      Say there is a compromised process (malware) running on the same cloud machine as my own processes. Do you still think the loaded gun is in the same universe or can you narrow it down a bit?

  6. In other news... by mykepredko · · Score: 3, Insightful

    Water is wet.

    If you want to keep data secure, keep it in house and hire people who know how to protect it.

    1. Re: In other news... by Billly+Gates · · Score: 1

      Wait ... We can save how much money by eliminating that IT cost center??

    2. Re:In other news... by Ol+Olsoc · · Score: 1

      Water is wet.

      If you want to keep data secure, keep it in house and hire people who know how to protect it.

      One of the best reasons to keep it in house is that the peeps keeping it secure are working for you.

      The cloud? You are just another customer, and how's all that customer support going, cloud peeps? Someone in Bangalore saying "Have you tried rebooting your computer?"

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  7. Re:The cloud is a joke by Anonymous Coward · · Score: 0

    Oh oh!! Busted by the cloud provider shills.

  8. ok by Anonymous Coward · · Score: 0

    the internet is filled with malicious servers
    news at 11

  9. Re:The cloud is a joke by Anonymous Coward · · Score: 0

    If the cloud is so bad, why is it that virtually all companies are looking to move to it, ditching all enterprise-grade hardware on premises is their edge router to the Internet and AWS? Like it or not, it is the way of the future.

  10. Re:The cloud is a joke by roc97007 · · Score: 2, Insightful

    Because, it's a fad. Like outsourcing. The people making the decisions typically aren't technologists, and tend to believe the marketing hype.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  11. Re:The cloud is a joke by AHuxley · · Score: 2

    AC, it's groupthink. https://en.wikipedia.org/wiki/... The experts offer huge amounts of storage, fast networking, low cost energy and CPU time for cents on the $.
    But with that comes a total loss of control. What random code is in the same location with your brand? What is being done in your brand's name?
    On site experts can ensure your site and brand is clean and fast on totally controlled hardware and software. A cloud offers network balance globally but with a risk to reputation.

    --
    Domestic spying is now "Benign Information Gathering"
  12. Re:The cloud is a joke by Ol+Olsoc · · Score: 2

    If the cloud is so bad, why is it that virtually all companies are looking to move to it, ditching all enterprise-grade hardware on premises is their edge router to the Internet and AWS? Like it or not, it is the way of the future.

    The suits have been sold on how inexpensive it is, and how they can get rid of a lot of employees. This leads to bigger bonuses.

    And just like every insourcing versus outsourcing battle, it will be cyclical.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  13. Re:I see it everyday building hosts by Ol+Olsoc · · Score: 1

    Anyone's free to ask my sources in the security community where my data comes from

    So you kinda have to tell us exactly who your sources in the security community are if we are to ask them, AC.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  14. Re: The cloud is a joke by Anonymous Coward · · Score: 0

    Pretty much this. Big time fad. Also exaggerated. "Everyone" is most certainly not moving their stuff to the cloud. That's just more marketing hype and press bullshit.

    Sure, it's useful for some things. However, the only businesses moving everything to the cloud are startups that never had infrastructure and will be out of business soon anyway, and total idiots. Decisions like that really are made by clueless executives.

    When cloud computing first became a marketing term (because we'd already called it "time share" and "hosting") it was supposed to be cheaper. Now it's not cheaper--well, it never really was except for companies that artificially discount it to gain customers (cough, Microsoft, cough). Now it's more flexible or something, because everybody I know has to go from 100 to 500 servers and back again in the same week.

    There's always going to be a hard sell for this though because it involves recurring revenue and that's attractive for bullshit artists.

    Really, here's what's going to happen. Right now running cloud services is hard because the chewing gum and bailing wire of homemade scripts that glue all that proprietary stuff together is hard to maintain. More flimflam artists are going to want in though, but they're not going to have any skills, which means other opportunists are going to simplify the infrastructure so that even offshore outsourced idiots can run it...but when you combine good management tools with more powerful servers and storage with smaller footprints, who needs a rent seeking cloud provider? So we'll go full circle, just like we did the last time that time sharing dominated by rent seekers was the prevalent computing model.

  15. Cloud Repositories? by Anonymous Coward · · Score: 0

    What the hell is a "cloud repository"? Is that just a cloud-hosted file drop? Why the weird nomenclature?

    Of course they host malware. And porn. And wares. And illegally-traded movies. Literally every kind of file that has ever been created can probably be found "in the cloud". What are we learning, here? Oh, right: SC magazine needed some clicks today.

  16. I see it everyday building hosts by Anonymous Coward · · Score: 0

    See subject: Tons of "cloud-based" hosts misused to house malware or its code while using this daily APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?... to build my hosts file to block them out.

    APK

    P.S.=> I've been gathering this data for protection vs. malicious threats of all kinds daily since 1996 or so, consistently - & IF my words aren't good enough? Anyone's free to ask my sources in the security community where my data comes from if cloud is misused thus (along w/ email phish etc. being used a lot lately too)... apk

  17. Any of them really by Anonymous Coward · · Score: 0

    They're listed in my program. I don't do others' homework for them. I just point the way to information.

    APK

    1. Re:Any of them really by Ol+Olsoc · · Score: 1

      They're listed in my program. I don't do others' homework for them. I just point the way to information.

      APK

      So are you telling me that I have to go to the trouble to attach a real name to you AC - so that I can see the person who wrote your program? You really don't want that do you?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  18. I wrote it: Proof's inside... apk by Anonymous Coward · · Score: 0

    See subject: I wrote it (audited by Malwarebytes' personnel, 1 of my data sources who hosts + recommends it http://hosts-file.net/?s=Downl... )

    Verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/vi...

    (You're also free to verify that with the gent as well - he wouldn't have hosted it otherwise & even RECOMMENDS it above others he hosts...)

    Safe by 57++ antivirus programs too https://www.virustotal.com/en/...

    (I've been doing freeware/shareware/commercialware (in commercially sold code you might even use) for decades & I'm fairly well known for it - certainly more than MOST here, even "registered 'lusers'" who make THAT (lol) some "claim to fame"... see, even the SECURITY COMMUNITY knows who I am & your proof's above)

    APK

    P.S.=> You're welcome to download it & see for yourself - it's ALL THERE in "black & white" etc. as the saying goes, nothing to hide... apk

  19. Re:I see it everyday building hosts by Anonymous Coward · · Score: 0

    Wait, are you talking about a standard /etc/hosts file with entries like:

    127.0.0.1 localhost
    0.0.0.0 some.evil.host.com
    0.0.0.0 googleadservices.com

    ?

  20. Re:I see it everyday building hosts by Anonymous Coward · · Score: 0

    @APK: you're spamming all the fucking time in slashdot but now cat got your tongue? It's a simple question.

  21. Re:I see it everyday building hosts by Anonymous Coward · · Score: 0

    I think apk's letting you stew in your "ne'er-do-well" do-nothingness by ignoring you. The question's the only stupid question I've ever seen. The answer is self-evident if you know anything about his program and apparently you do. Call it spam? If that's the best you've got, let's see you do better. Obviously you can't and have to troll people by unidentifiable anonymous posts since it's all you're capable of in being a stupid nuisance.

  22. Re:I see it everyday building hosts by Anonymous Coward · · Score: 0

    I think you are apk and you're a fucking clown.

  23. Re:I see it everyday building hosts by Anonymous Coward · · Score: 0

    You don't possess the brains to think and you are projecting you are the clown.