Turns out legitimate businesses aren’t the only ones attracted by Amazon Web Service’s promises of reduced costs and flexible capacity. Cybercriminals are having a field day with Amazon’s cloud computing network.
Of the 10 biggest malware sites, the retail juggernaut hosts four, including download-instantly.com, the No. 1 hub for the distribution of such nefarious tools.
IT security firm Solutionary on Wednesday issued its Quarterly Threat Intelligence Report, which revealed, among other findings, that those four Amazon-supported sites (detailed above) account for 6 percent of the malware the firm uncovered worldwide. The U.S. is particularly riddled with malware, being home to Internet service providers that combined host a whopping 44 percent of it.
Instant access to virtual servers that can be put to illegal use is a large aspect of what makes Amazon’s hosting ideal for hackers and scammers. But beyond that, the company name and others like it also provide cover. Operating via Google or Amazon, Solutionary noted, “allows malware distributors to originate traffic from trusted address spaces that will not be blocked by geographic blacklists and would not likely draw suspicion based on IP address alone.”
Criminals needn’t even buy the services directly, as they can easily compromise legitimate domains. Especially insidious for Amazon, as the Washington Post points out, are botnets, which have been a significant problem since as early as 2009 and remain a critical concern. Just last week, LinkedIn elected to sue a group of hackers who used the Amazon cloud to scrape data from member profile pages.
Amazon, in its own defense, has touted a responsiveness to reports of abuse. The AWS security support page encourages users to get in touch via email and expect a non-automated reply within 24 hours, followed by progress updates every five working days. Overall, the e-commerce giant has taken an approach akin to that of a conciliating parent who lets their teen drink beer at home, where he can be closely monitored and his bad behavior quickly dealt with.
That, of course, would be a case of treating a symptom—not the cause.
H/T Washington Post | Photo by Joyyers/Flickr