'Lurking Malice' Study Finds Malware Hiding In The Cloud (gatech.edu)

← Back to Stories (view on slashdot.org)

'Lurking Malice' Study Finds Malware Hiding In The Cloud (gatech.edu)

Posted by EditorDavid on Saturday November 12, 2016 @05:34AM from the surveying-servers dept.

"Cloud repositories have become the hub of malicious web activities," warns one computer engineering professor. An anonymous reader quotes SC magazine: A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites. Researchers...scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the "Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service" report [PDF]...

[According to the researchers] threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide... service providers which are bound by privacy commitments and ethical concerns tend to avoid inspecting their customer's repositories without proper consent and even when they are willing to inspect them it is difficult to spot malicious content.

9 of 45 comments (clear)

Min score:

Reason:

Sort:

Why do we care? by Cigaes · 2016-11-12 06:09 · Score: 4, Insightful

Malware is a problem when people try to execute it. Malware laying in “cloud repositories” (what does that even mean?) is doing no harm except waste place. Why waste even more energy trying to scan it? Or even study it?
1. Re:Why do we care? by Dutch+Gun · 2016-11-12 06:46 · Score: 2
  
  Because that's how it's distributed to clients, of course. To use an analogy: "guns only kill when they're fired at people". Therefore, we should take no notice of our aggressive neighbor amassing an army on our border.
  I do agree that "cloud repositories" is a pretty buzzword-bingo way to describe "e-mail and web servers".
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
2. Re:Why do we care? by SeaFox · 2016-11-12 07:10 · Score: 2
  
  Malware is a problem when people try to execute it. Malware laying in "cloud repositories" (what does that even mean?).
  It means pundits get to coin a new web.0 term -- Dark Cloud .
3. Re:Why do we care? by Dutch+Gun · 2016-11-12 07:24 · Score: 2
  
  The problem with analogies is that they're all flawed in some way. I should know better by now, because invariable the arguments focus on the analogy rather than the point being made. Fine, forget the analogies.
  I'd agree that consumer device security is a major issue (especially with the short supported lifespans of phones and IoT devices), but I think analysis of malware is important in creating better security by analyzing attack patterns. I'm not sure how you could argue that the two are unrelated.
  
  If someone hands me malware, I ignore it and move to something else.
  Oh, if only it were that simple. There are examples of malware that require no user interaction in order to compromise a machine, as demonstrated by the semi-recent Stagefright flaws in Android, or any number of "go to this webpage and you're infected" attacks in the past. The reason critical-rated vulnerabilities are often so labeled is because there's nothing a user can do to mitigated it, short of avoiding it or disabling the offending feature - one of the reasons many people like myself block ads. These are a bit more rare than they used to be, but they still show up once in a while.
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
In other news... by mykepredko · 2016-11-12 06:37 · Score: 3, Insightful

Water is wet.
If you want to keep data secure, keep it in house and hire people who know how to protect it.

--
Mimetics Inc. Twitter
Re:The cloud is a joke by roc97007 · 2016-11-12 10:49 · Score: 2, Insightful

Because, it's a fad. Like outsourcing. The people making the decisions typically aren't technologists, and tend to believe the marketing hype.

--
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Re:The cloud is a joke by AHuxley · 2016-11-12 14:00 · Score: 2

AC its groupthink. https://en.wikipedia.org/wiki/... The experts offer huge amounts of storage, fast networking, low cost energy and CPU time for cents on the $.
But with that comes a total loss of control. What random code is in the same location with your brand? What is been done in your brands name?
On site experts can ensure your site and brand is clean and fast on totally controlled hardware and software. A cloud offers network balance globally but with a risk to reputation.

--
Domestic spying is now "Benign Information Gathering"
Re:The cloud is a joke by Ol+Olsoc · 2016-11-12 14:02 · Score: 2

If the cloud is so bad, why is it that virtually all companies are looking to move to it, ditching all enterprise-grade hardware on premises is their edge router to the Internet and AWS? Like it or not, it is the way of the future.
The suits have been sold on how inexpensive it is, and how they can get rid of a lot of employees. This leads to bigger bonuses.
And just like every insourcing versus outsourcing battle, it will be cyclical.

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Re: Why are not the host of these cloud services by Ol+Olsoc · 2016-11-12 14:10 · Score: 2

The cloud providers are not police men. They have no responsibility to make sure their customers are following their policies.
Congratulations for tshowing exactly why the cloud shouldn't be used.
If your cloud isn't protecting you, or they just give the "It's not our responsibility" bullshit, you just have to put up with whatever they serve you. You are just another customer

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.