Lack of Abuse Detection Allows Cloud Computing Instances to Be Used Like Botnets, Study Says

October 30, 2012, by David

Grazed from CIO. Author: Lucian Constantin.

Some cloud providers fail to detect and block malicious traffic originating from their networks, which provides cybercriminals with an opportunity to launch attacks in a botnet-like fashion, according to a report from Australian security consultancy firm Stratsec. Researchers from Stratsec, a subsidiary of British defense and aerospace giant BAE Systems, reached this conclusion after performing a series of experiments on the infrastructure of five "common," but unnamed, cloud providers.

The experiments involved sending different types of malicious traffic from remotely controlled cloud instances (virtual machines) to a number of test servers running common services such as HTTP, FTP and SMTP. In one test case, services running on a targeted server were accessible from the Internet, but the server was located in a typical network environment, behind a firewall and an IDS (intrusion detection system). The goal of this particular test was to see how the cloud provider would respond to the presence of outbound malicious traffic originating from its network…

In a different experiment, the targeted test server was set up inside a separate cloud instance from the same provider in order to test if the provider would detect malicious traffic sent over its own internal network…
