In Cloud computing has become a ubiquitous technology term in the past few years, but more thought needs to be given to the impact of cloud computing in cyber attacks. The elastic and resilient benefits of cloud computing, coupled with its low cost, make it an attractive platform for hackers to launch attacks.
According to Imperva, an enterprise application and data security firm, some clever hackers have already begun to leverage cloud computing to launch attacks. With cloud becoming ever so pervasive, the firm expects the trend to grow more prominent in 2013.
Cloud computing, and in particular, Internet as a service, or IAAS, has become an important piece of modern commercial IT. Amazon EC2, for example, allows versatility and elasticity for organizations (big and small), allowing them to sustain a direct correlation between their business activity volume and IT costs. The same holds true for the hacking community.
In 2013, researchers at Imperva expect to see a growing use of IAAS by attackers for different activities. According to them, there are a number of aspects that make cloud computing an appealing offering for attackers, and, especially those that are profit driven:
Elasticity: The ability to quickly get hold of a lot of computing resources without too many prerequisites.
Cost: The ability to closely tie up spending with specific attack campaign and the potential gain.
Resilience: The use of commercial cloud-computing platforms reduces the ability of defenders to black-list attackers and adds much valued latency to the process of server takedown.
Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in Amazons EC2 cloud. In particular, this practice is used with respect to fraud and business logic attacks whose network footprint is relatively low per server (and thus hard to detect as a network traffic anomaly). In addition, for DDoS attacks, such cloud offerings become very compelling. Using a stolen credit card number to pay for the cloud service, an attacker can mount a large scale attack from the cloud. The attack can then be carried out for a long enough time period before a preventative action against the attacking servers can be taken, said the firm.
Imperva researchers also predicted greater use of on demand computing power as attackers obtain larger quantities of unstructured data and find themselves in a need of computing power in order to process their bounty.
Add new comment