A large number of organizations have moved their operations to the cloud in order to take advantage of the many benefits offered by the relatively new technology. On the other hand, the cloud has many benefits for cybercriminals as well.According to Amichai Shulman, CTO of Imperva, in 2013 we should expect to see a growing use of cloud-computing resources by cybercriminals.
Shulman explains that profit-driven aspects – such as elasticity, cost and resilience – of cloud computing are highly appealing for attackers.
More precisely, the cloud gives cybercriminals the ability to quickly get hold of a lot of computing resources without too many prerequisites. The use of commercial cloud platforms considerably reduces the ability of organizations to blacklist attackers and makes server takedowns much more difficult.
“During 2012 we have seen attack campaigns deployed from servers in the Amazon EC2 cloud. In particular, this practice is used with respect to fraud and business logic attacks whose network footprint is relatively low per server (and thus hard to detect as a network traffic anomaly),” Shulman told Softpedia.
“In addition, for DDoS attacks, such cloud offerings become very compelling. Using a stolen credit card number to pay for the cloud service, an attacker can mount a large scale attack from the cloud. The attack can then be carried out for a long enough time period before a preventative action against the attacking servers can be taken,” he added.
“Finally, expect to see more usage of on demand computing power as attackers obtain larger quantities of unstructured data and find themselves in a need of computing power in order to process their bounty.”
Marc Gaffan, co-founder and CMO of Incapsula agrees. He emphasizes the fact that hackers are always attracted to sophisticated and powerful attack methods.
“In the past, we have seen hackers harvesting and developing the power of botnets to build attacks on a larger scale. We have also seen hackers adopting emerging technology trends, such as automation to enable hundreds or thousands of attacks in parallel. Therefore, it makes sense hackers are drawn toward the emergence of the cloud,” Gaffan told us.
“The cloud is a flexible, elastic and powerful platform for conducting attacks on a large scale. With the cloud, enabling instant provisioning of immense computing and networking resources hackers will look to breach cloud computing accounts and co-opt the resources of that organization to launch massive attacks.”