Stratsec critical of cloud security - calls it a potential haven for botnets
Hosting network services on Cloud platforms is getting more and more popular. It is not in the scope of this article to elaborate the advantage of using Cloud computing, instead, as the title of might have already inspired you, here we discuss the potential benefits available to malicious entities in using a Cloud platform (CP). In particular, we are going to see:
- What benefits do attackers get by using CP for their nefarious purposes?
- Can a CP be programmed to launch security attacks, propagate malware, or perform denial-of-service attacks?
- Are the current security features of CP providers robust in their detection and prevention of malicious usage?
The questions above were based a research study conducted at the Stratsec IT Security Winter School 2012[1]. The objective of this research was to investigate the security posture of Cloud providers in protecting against malicious usage (the security point of view), as well as assessing the effectiveness of such CPs for launching malicious activities (the attacker point of view). We define “botCloud” as a group of Cloud instances that are commanded and controlled by malicious entity to initiate cyber-attacks.
