Knowingly acting as an accomplice to a crime is frowned upon, but even being an unwitting accomplice can still burden your conscience. Botnets are the culprits responsible for compromising cloud security and turning innocent computer users into attackers without their knowledge. But what is a botnet?
The term botnet is often bandied about in security circles, but it isn't always used correctly. A botnet is a large group of computers running software controlled by a remote master entity. However, just because an end device is part of a botnet doesn't necessarily mean malicious activity is afoot. Anticipating and attempting to mitigate botnet attacks is vital each time a user connects an end device to the Internet. If an end user willingly engages in an instant messaging conversation, the computer is essentially part of a botnet. Botnets typically -- though not always -- communicate via the Internet Relay Chat (IRC) protocol, which is how the end user comes to be involved. Is the end user willingly engaging in such network behavior? As with proving guilt or innocence in a court of law, intent is a determining factor in deciding whether an end user or device is responsible for nefarious activity.
Botnets bearing down on the cloud
Until recently, malicious botnet activity relied on the creator's ability to stealthily inject malicious software onto an end-user device -- either a physical host or a virtual machine (VM). Thanks to research and development by Rob Ragan and Oscar Salazar, it appears that no malicious payload needs to be injected onto an end-user device at all in order to create a botnet.
Ragan and Salazar found that it's possible to obtain resources from thousands of VMs by writing a script that acquires thousands of free or trial accounts from several existing cloud providers. The botnet works by creating thousands of fake email addresses and registering a cloud account for each one. Once the accounts were created, Ragan and Salazar controlled over 1,000 virtual machines that could potentially be used in a DDoS attack. The research proves botnets can swarm the cloud without hijacking a device, injecting malicious payloads or even violating any laws.
Who can protect from botnet attacks?
Although the average end user struggles to protect against botnets, cloud providers should be a line of defense. A quick survey of the sign-up process at various cloud providers produced a mixed bag. For example, Heroku requires new registrants to provide and confirm a valid email address; Heroku confirms the address's validity by requiring users to follow further registration instructions sent to that address. CloudBees, however, only requires new registrants to provide an email address in the proper format, a weaker preventive measure.
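As an added example (not from the article, and not code from Heroku or CloudBees), the toy Python model below contrasts the two sign-up policies compared above: a format-only check that hands out compute as soon as the address parses, and a confirmation loop that keeps resources locked until a token mailed to the address comes back. The provider classes, the token mechanism and the throwaway addresses are all constructed for illustration.

```python
import hmac
import re
import secrets
from dataclasses import dataclass, field

EMAIL_FORMAT = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # "proper format" check only

@dataclass
class Account:
    confirmed: bool
    # Hypothetical one-time token the provider would send to the mailbox.
    token: str = field(default_factory=lambda: secrets.token_urlsafe(24))
    vms: int = 0

class FormatOnlyProvider:
    """Weak policy: any well-formed address is entitled to resources at once."""
    REQUIRE_CONFIRMATION = False

    def __init__(self):
        self.accounts = {}

    def register(self, email):
        if not EMAIL_FORMAT.match(email):
            raise ValueError("malformed address")
        self.accounts[email] = Account(confirmed=not self.REQUIRE_CONFIRMATION)

    def confirm(self, email, token):
        acct = self.accounts[email]
        # Constant-time comparison so a token cannot be guessed byte by byte.
        if hmac.compare_digest(acct.token, token):
            acct.confirmed = True
        return acct.confirmed

    def provision_vm(self, email):
        acct = self.accounts[email]
        if not acct.confirmed:
            return False  # unconfirmed accounts get no compute
        acct.vms += 1
        return True

class ConfirmingProvider(FormatOnlyProvider):
    REQUIRE_CONFIRMATION = True  # resources stay locked until the mailbox proves real

def bulk_signup(provider, count):
    """Scripted run over constructed throwaway addresses; returns VMs obtained."""
    obtained = 0
    for i in range(count):
        email = f"throwaway{i}@example.invalid"  # constructed sample address
        provider.register(email)  # any token lands in a mailbox nobody reads
        obtained += provider.provision_vm(email)
    return obtained
```

Against the format-only provider a scripted run of a thousand fake addresses yields a thousand VMs; against the confirming provider it yields none until someone actually reads the mail and returns the token.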
If end users notice an unusually easy sign-up process for a new cloud platform account, they should consider using another provider to avoid potential botnet and security trouble.
About the Author:
Brad Casey is a former SearchSecurity.com expert. He holds an MS in Information Assurance from the University of Texas at San Antonio and has extensive experience in the areas of penetration testing, public key infrastructure, VoIP and network packet analysis. He is also knowledgeable in the areas of system administration, Active Directory and Windows Server 2008. He spent five years doing security assessment testing in the U.S. Air Force, and in his spare time, you can find him looking at Wireshark captures and playing with various Linux distros in VMs.