scmagazine.com November 10, 2016
Study finds malware lurking in Amazon, Google and Groupon cloud services
Study finds popular cloud services compromised including those hosted by Amazon, Google and Groupon.
A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites.
Researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service” report.
The researchers also found hundreds of active repositories with malicious content containing several hundred “buckets” actively providing malware. Threat actors are using the cloud to deliver malware and other malicious things while remaining undetected and are using various methods ranging from traditional exploits to take advantage of poor configurations. Some of the exploits may even appear benign until they are arranged in a certain way, researchers said.
“When it comes to malicious buckets, our study found the new wave of repository-based cyberattacks,” Georgia Tech's School of Electrical and Computer Engineering professor Raheem Beyah told SC Media via emailed comments. “Cloud repositories have become the hub of malicious web activities.”
In one instance concerning potentially unwanted programs (PUP), the researchers found at least 11 bad cloud repositories from 3 different cloud platforms supporting 772 websites, Beyah said.
Beyah added that threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide. The report also found that cyber crooks are hiding their activities by keeping components of their malware in separate repositories that by themselves didn't trigger traditional scanners and the malware is only assembled when it's needed to launch an attack.
Researchers spotted a wide range of attacks in the cloud hosted repositories, ranging from phishing and common drive-by downloads to fake antivirus and computer update sites, the report said.
Sometimes the crooks would open an inexpensive account to host the software while others hide the malicious content in the cloud-based domains of well-known brands among good content to prevent the malware from blacklisting the domain.=====================================================================
Good Netiquette And A Green Internet To All!
Tabula Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value. TRS provides product, design, implementation and support services on all products that we represent. Additionally, TRS provides expertise in Network Analysis, eBusiness Application Profiling, ePolicy and eBusiness Troubleshooting. We can be contacted at:
email@example.com or 609 818 1802.===============================================================
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
Anyone who would like to review the book and have it posted on my blog or website, please contact me firstname.lastname@example.org.
In addition to this blog, I maintain a radio show on BlogtalkRadio online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahooa member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
Additionally, I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.