December 20, 2012

Trend #1:  Government Malware Goes Commercial

Trend #3:  Strength in Numbers

 

Trend #3:  Strength in Numbers
Cloud computing, and in particular, Internet as a service, or IAAS, has become an important piece of modern commercial IT. Amazon EC2, for example, allows versatility and elasticity for organizations (big and small), allowing them to sustain a direct correlation between their business activity volume and IT costs.  The same holds true for the hacking community.

In 2013, we expect to see a growing use of IAAS by attackers for different activities. There are a number of aspects that make cloud computing an appealing offering for attackers, and, especially those that are profit driven:

  • Elasticity – the ability to quickly get hold of a lot of computing resources without too many prerequisites.
  • Cost – the ability to closely tie up spending with specific attack campaign and the potential gain.
  • Resilience – the use of commercial cloud-computing platforms reduces the ability of defenders to black-list attackers and adds much valued latency to the process of server takedown.

Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in Amazon’s EC2 cloud. In particular, this practice is used with respect to fraud and business logic attacks whose network footprint is relatively low per server (and thus hard to detect as a network traffic anomaly). In addition, for DDoS attacks, such cloud offerings become very compelling. Using a stolen credit card number to pay for the cloud service, an attacker can mount a large scale attack from the cloud.  The attack can then be carried out for a long enough time period before a preventative action against the attacking servers can be taken.

Finally, expect to see more usage of on demand computing power as attackers obtain larger quantities of unstructured data and find themselves in a need of computing power in order to process their bounty.

Share:

Posted by Imperva Blogger at 11:37:05 AM


Tags:

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.