Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Cloud Google The Internet

'Lurking Malice' Study Finds Malware Hiding In The Cloud (gatech.edu) 45

"Cloud repositories have become the hub of malicious web activities," warns one computer engineering professor. An anonymous reader quotes SC magazine: A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites. Researchers...scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the "Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service" report [PDF]...

[According to the researchers] threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide... service providers which are bound by privacy commitments and ethical concerns tend to avoid inspecting their customer's repositories without proper consent and even when they are willing to inspect them it is difficult to spot malicious content.

This discussion has been archived. No new comments can be posted.

'Lurking Malice' Study Finds Malware Hiding In The Cloud

Comments Filter:
  • Why do we care? (Score:5, Insightful)

    by Cigaes ( 714444 ) on Saturday November 12, 2016 @02:09PM (#53271957) Homepage

    Malware is a problem when people try to execute it. Malware laying in “cloud repositories” (what does that even mean?) is doing no harm except waste place. Why waste even more energy trying to scan it? Or even study it?

    • Because that's how it's distributed to clients, of course. To use an analogy: "guns only kill when they're fired at people". Therefore, we should take no notice of our aggressive neighbor amassing an army on our border.

      I do agree that "cloud repositories" is a pretty buzzword-bingo way to describe "e-mail and web servers".

      • by Cigaes ( 714444 )

        Your analogy is flawed in two ways.

        First, “cloud repositories” are not used just to distribute malware. But that is not the most important.

        Second, if someone shoots me with a gun, I die, I do not have any choice. If someone hands me malware, I ignore it and move to something else.

        Malware is a non-issue. The real issue is the abysmal security of consumer devices and software.

        • The problem with analogies is that they're all flawed in some way. I should know better by now, because invariable the arguments focus on the analogy rather than the point being made. Fine, forget the analogies.

          I'd agree that consumer device security is a major issue (especially with the short supported lifespans of phones and IoT devices), but I think analysis of malware is important in creating better security by analyzing attack patterns. I'm not sure how you could argue that the two are unrelated.

          If someone hands me malware, I ignore it and move to something else.


        • by rtb61 ( 674572 )

          Cloud repository is simply a digital warehouse for digital data. By that same token, real world warehouse are responsible for what they store and what they distribute and the law should be exactly the same for the digital warehouse. So what law do you propose to stop digital warehouse fucking purposefully distributing malware, the oops tee hee, I didn't know it was there and we were doing it, giggle, giggle, giggle. You distribute malware at a professional level, then prepare to face the legal consequences

    • Yes, why have a loaded handgun at a preschool and leave it laying on the table next to all the toys?

      People are inherently stupid. Even the ones who think they are smart tend to be stupid in at least several ways. If it is there, someone will execute it eventually. I used to have a small script that would ping a certain IP address every time it was executed. The firewall for the system at this address would alert me every time it was pinged from inside the network. It was a simple .bat file and I would name

    • by SeaFox ( 739806 )

      Malware is a problem when people try to execute it. Malware laying in "cloud repositories" (what does that even mean?).

      It means pundits get to coin a new web.0 term -- Dark Cloud .

  • In other news... (Score:4, Insightful)

    by mykepredko ( 40154 ) on Saturday November 12, 2016 @02:37PM (#53272115) Homepage

    Water is wet.

    If you want to keep data secure, keep it in house and hire people who know how to protect it.

    • Wait ... We can save how much money by eliminating that IT cost center??

    • Water is wet.

      If you want to keep data secure, keep it in house and hire people who know how to protect it.

      One of the best reasons to keep it in house is that the peeps keeping it secure are working for you.

      The cloud? You are just another customer, and how's all that customer support going, cloud peeps? Someone in Bangalore saying "Have you tried rebooting your computer?"

Many people are unenthusiastic about your work.