Slashdot Mirror


'Lurking Malice' Study Finds Malware Hiding In The Cloud (gatech.edu)

"Cloud repositories have become the hub of malicious web activities," warns one computer engineering professor. An anonymous reader quotes SC magazine: A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites. Researchers...scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the "Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service" report [PDF]...

[According to the researchers] threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide... service providers which are bound by privacy commitments and ethical concerns tend to avoid inspecting their customers' repositories without proper consent and even when they are willing to inspect them it is difficult to spot malicious content.


  1. Why do we care? by Cigaes · · Score: 4, Insightful

    Malware is a problem when people try to execute it. Malware laying in “cloud repositories” (what does that even mean?) is doing no harm except waste place. Why waste even more energy trying to scan it? Or even study it?

    1. Re:Why do we care? by Dutch+Gun · · Score: 2

      Because that's how it's distributed to clients, of course. To use an analogy: "guns only kill when they're fired at people". Therefore, we should take no notice of our aggressive neighbor amassing an army on our border.

      I do agree that "cloud repositories" is a pretty buzzword-bingo way to describe "e-mail and web servers".

      --
      Irony: Agile development has too much inertia to be abandoned now.
    2. Re:Why do we care? by sumdumass · · Score: 1

      Yes, why have a loaded handgun at a preschool and leave it laying on the table next to all the toys?

      People are inherently stupid. Even the ones who think they are smart tend to be stupid in at least several ways. If it is there, someone will execute it eventually. I used to have a small script that would ping a certain IP address every time it was executed. The firewall for the system at this address would alert me every time it was pinged from inside the network. It was a simple .bat file and I would name it things like "do.not.open.pdf.bat" or "click.this.and.computer.crashes.bat". At least once a year someone would try to open it and I would know more on which workstations I needed to lock down strictly and which ones I could leave the user with some freedom. Every system had it on it, but only a few, usually disgruntled employees, would venture into the inner workings and open it.

      But more interesting would be how it got there in the first place. Was it just part of a backup of a previous infection already dealt with? If so, the need to restore that data could restore the infection. Has somebody hacked the cloud account and is using it to host the files for when some downloader Trojan on another system gets pwned? Or is there an insider working to set up the right time to infest the company and sneak away with lots of valuable data like customer lists, proprietary secrets and so on just before they leave and start their own company? Or is it a dead man switch payload for a semi-disgruntled employee to activate several days after he doesn't log into a specific machine?

      If all those are satisfactorily answered, then sure, what is the harm. If not, I would assume answering them and more I didn't think of would be the harm.

    3. Re:Why do we care? by Cigaes · · Score: 1

      Your analogy is flawed in two ways.

      First, “cloud repositories” are not used just to distribute malware. But that is not the most important.

      Second, if someone shoots me with a gun, I die, I do not have any choice. If someone hands me malware, I ignore it and move to something else.

      Malware is a non-issue. The real issue is the abysmal security of consumer devices and software.

    4. Re:Why do we care? by SeaFox · · Score: 2

      Malware is a problem when people try to execute it. Malware laying in "cloud repositories" (what does that even mean?).

      It means pundits get to coin a new web.0 term -- Dark Cloud.

    5. Re:Why do we care? by Dutch+Gun · · Score: 2

      The problem with analogies is that they're all flawed in some way. I should know better by now, because invariably the arguments focus on the analogy rather than the point being made. Fine, forget the analogies.

      I'd agree that consumer device security is a major issue (especially with the short supported lifespans of phones and IoT devices), but I think analysis of malware is important in creating better security by analyzing attack patterns. I'm not sure how you could argue that the two are unrelated.

      If someone hands me malware, I ignore it and move to something else.

      Oh, if only it were that simple. There are examples of malware that require no user interaction in order to compromise a machine, as demonstrated by the semi-recent Stagefright flaws in Android, or any number of "go to this webpage and you're infected" attacks in the past. The reason critical-rated vulnerabilities are often so labeled is because there's nothing a user can do to mitigate it, short of avoiding it or disabling the offending feature - one of the reasons many people like myself block ads. These are a bit more rare than they used to be, but they still show up once in a while.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    6. Re:Why do we care? by sumdumass · · Score: 1

      lol.. The cloud is little more than hosted services outside the premise. There is no high horse or anything involved. It is about risks and mitigation just like the loaded handgun. If you don't want it going off unintentionally, don't leave it where it can. The same with malware, why even have it on your network unless you want it there?

    7. Re:Why do we care? by roc97007 · · Score: 1

      That doesn't appear to be true. Although it does appear to be a common belief amongst apple fans.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    8. Re:Why do we care? by rtb61 · · Score: 1

      Cloud repository is simply a digital warehouse for digital data. By that same token, real world warehouses are responsible for what they store and what they distribute and the law should be exactly the same for the digital warehouse. So what law do you propose to stop digital warehouses fucking purposefully distributing malware, the oops tee hee, I didn't know it was there and we were doing it, giggle, giggle, giggle. You distribute malware at a professional level, then prepare to face the legal consequences for doing so, otherwise do not claim to be a professional service and prepare to be shut down.

      --
      Chaos - everything, everywhere, everywhen
  2. In other news... by mykepredko · · Score: 3, Insightful

    Water is wet.

    If you want to keep data secure, keep it in house and hire people who know how to protect it.

    1. Re: In other news... by Billly+Gates · · Score: 1

      Wait ... We can save how much money by eliminating that IT cost center??

    2. Re:In other news... by Ol+Olsoc · · Score: 1

      Water is wet.

      If you want to keep data secure, keep it in house and hire people who know how to protect it.

      One of the best reasons to keep it in house is that the peeps keeping it secure are working for you.

      The cloud? You are just another customer, and how's all that customer support going, cloud peeps? Someone in Bangalore saying "Have you tried rebooting your computer?"

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  3. Re: Why are not the host of these cloud services by WarJolt · · Score: 1

    The cloud providers are not police men. They have no responsibility to make sure their customers are following their policies. They do have a responsibility to shut them down when a violation is found.

    They also have very little incentive to stop something that isn't really affecting their service or their brand. Most people don't even know where malware is hosted.

  4. Re: Why are not the host of these cloud services by mlts · · Score: 1

    Very true, they don't have a responsibility to police users, but if their IP range starts getting known for malware, it is likely that IP range will wind up on blackhole lists, and that is a black eye for the cloud provider when clients start complaining they can't reach other businesses.

  5. Re:The cloud is a joke by roc97007 · · Score: 2, Insightful

    Because, it's a fad. Like outsourcing. The people making the decisions typically aren't technologists, and tend to believe the marketing hype.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  6. Re:The cloud is a joke by AHuxley · · Score: 2

    AC, it's groupthink. https://en.wikipedia.org/wiki/... The experts offer huge amounts of storage, fast networking, low cost energy and CPU time for cents on the $.
    But with that comes a total loss of control. What random code is in the same location with your brand? What is being done in your brand's name?
    On site experts can ensure your site and brand is clean and fast on totally controlled hardware and software. A cloud offers network balance globally but with a risk to reputation.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Re:The cloud is a joke by Ol+Olsoc · · Score: 2

    If the cloud is so bad, why is it that virtually all companies are looking to move to it, ditching all enterprise-grade hardware on premises is their edge router to the Internet and AWS? Like it or not, it is the way of the future.

    The suits have been sold on how inexpensive it is, and how they can get rid of a lot of employees. This leads to bigger bonuses.

    And just like every insourcing versus outsourcing battle, it will be cyclical.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  8. Re: Why are not the host of these cloud services by Ol+Olsoc · · Score: 2

    The cloud providers are not police men. They have no responsibility to make sure their customers are following their policies.

    Congratulations for showing exactly why the cloud shouldn't be used.

    If your cloud isn't protecting you, or they just give the "It's not our responsibility" bullshit, you just have to put up with whatever they serve you. You are just another customer.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  9. Re:I see it everyday building hosts by Ol+Olsoc · · Score: 1

    Anyone's free to ask my sources in the security community where my data comes from

    So you kinda have to tell us exactly who your sources in the security community are if we are to ask them, AC.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  10. Re:Any of them really by Ol+Olsoc · · Score: 1

    They're listed in my program. I don't do others' homework for them. I just point the way to information.

    APK

    So are you telling me that I have to go to the trouble to attach a real name to you AC - so that I can see the person who wrote your program? You really don't want that do you?

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.