
Botnets creating security bugaboos for cloud users

Botnets can impact any cloud user, but most are unaware of the security nightmare's existence. Understanding and minimizing the opportunities for attacks can keep you from becoming an unwitting accomplice.

Knowingly acting as an accomplice to a crime is frowned upon, but even being an unwitting accomplice can burden your conscience. Botnets are the mechanism that turns innocent computer users, and increasingly innocent cloud accounts, into attackers without their knowledge. But what is a botnet?

The term botnet is often bandied about in security circles, but it isn't always used correctly. A botnet is a large group of computers running software that takes orders from a remote master entity, the command-and-control (C2) server. Membership in a botnet does not by itself mean malicious activity is afoot: the defining feature is remote control, not the purpose the controller puts it to. Botnets have traditionally, though not always, communicated over the Internet Relay Chat (IRC) protocol, the same protocol people use for ordinary chat, so a user who joins an IRC channel and a bot that polls an IRC channel for commands can generate similar-looking traffic. The question is whether the end user is knowingly engaging in that network behavior. As with guilt or innocence in a court of law, intent is the determining factor in deciding whether a user or device is responsible for nefarious activity, and anticipating and mitigating the scenarios in which botnets attack is vital every time a device is connected to the Internet.

Botnets bearing down on the cloud

Until recently, building a malicious botnet depended on the operator's ability to plant malicious software on end-user devices, physical hosts or virtual machines (VMs), without being detected. Research by Rob Ragan and Oscar Salazar shows that no malicious payload has to be injected onto anyone's device in order to assemble a botnet.

Ragan and Salazar showed that it is possible to obtain the resources of thousands of VMs by writing a script that signs up for free or trial accounts at a number of existing cloud providers. The script creates thousands of fake email addresses and registers a cloud account for each one. Once those accounts existed, Ragan and Salazar controlled more than 1,000 virtual machines that could potentially be used in a DDoS attack. The research shows that a botnet can swarm the cloud without hijacking a single device, injecting a malicious payload or even violating any laws.

Who can protect against botnet attacks?

Although the average end user struggles to protect against botnets, cloud providers should be a line of defense. A quick survey of the sign-up process at various cloud providers turned up a mixed bag. For example, Heroku requires new registrants to provide a valid email address and confirm it: registration can only be completed by following the instructions sent to that address. CloudBees, by contrast, only requires that the address be in a valid format, a much weaker preventative measure.
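The difference between the two sign-up flows above, and the effect it has on the mass-registration script described in the previous section, can be shown in code. The following is an added example written for this article; it is not code from Heroku, CloudBees or the Ragan and Salazar research. Class and function names, the HMAC secret, the quota values and the fabricated addresses under example.invalid are all constructed for the demonstration.

```python
import hashlib
import hmac
import re
import time

# Minimal syntactic check: the only thing the "format-only" flow verifies.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class FormatOnlySignup:
    """Weak flow: a syntactically valid address is enough to get a VM quota."""

    def __init__(self):
        self.accounts = {}

    def register(self, email):
        if not EMAIL_RE.match(email):
            raise ValueError("malformed address")
        self.accounts[email] = {"vm_quota": 1}   # provisioned immediately
        return True


class ConfirmedSignup:
    """Hardened flow: nothing is provisioned until a mailed token comes back."""

    def __init__(self, secret, ttl_seconds=900):
        self.secret = secret          # constructed demo secret, not a real key
        self.ttl = ttl_seconds
        self.pending = {}             # email -> time the token was issued
        self.accounts = {}
        self.outbox = []              # (email, token) pairs the mailer would send

    def _token(self, email, issued):
        # HMAC over address and issue time: only the provider can mint a valid one.
        msg = f"{email}|{issued}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def register(self, email, now=None):
        if not EMAIL_RE.match(email):
            raise ValueError("malformed address")
        issued = int(now if now is not None else time.time())
        self.pending[email] = issued
        self.outbox.append((email, self._token(email, issued)))
        return False   # no quota yet; the mailbox owner must come back

    def confirm(self, email, token, now=None):
        issued = self.pending.get(email)
        if issued is None:
            return False
        now = int(now if now is not None else time.time())
        if now - issued > self.ttl:          # stale token: force a new round trip
            del self.pending[email]
            return False
        if not hmac.compare_digest(token, self._token(email, issued)):
            return False                     # forged or mismatched token
        del self.pending[email]
        self.accounts[email] = {"vm_quota": 1}
        return True


def simulate_mass_signup(n, mailboxes_controlled):
    """Constructed scenario: a script registers n fabricated addresses.

    mailboxes_controlled is the set of addresses whose mail the attacker can
    actually read. Returns (vms_from_weak_flow, vms_from_confirmed_flow).
    """
    fake = [f"user{i}@example.invalid" for i in range(n)]
    weak = FormatOnlySignup()
    strong = ConfirmedSignup(secret=b"constructed-demo-secret")
    for addr in fake:
        weak.register(addr)
        strong.register(addr, now=1_000)
    # The attacker can only echo back tokens from mailboxes it controls.
    for addr, token in strong.outbox:
        if addr in mailboxes_controlled:
            strong.confirm(addr, token, now=1_100)
    return len(weak.accounts), len(strong.accounts)
```

With a thousand fabricated addresses the format-only flow hands out a thousand VM quotas, while the confirmed flow hands out one per mailbox the attacker genuinely controls. That is the real limit of the control: confirmation does not stop someone who automates mailbox creation as well, it raises the cost per account, which is why a provider would pair it with rate limits and other abuse checks rather than rely on it alone.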

If end users notice an unusually easy sign-up process for a new cloud platform account, they should consider using another provider to avoid potential botnet and security trouble.

About the Author:
Brad Casey is a former SearchSecurity.com expert. He holds an MS in Information Assurance from the University of Texas at San Antonio and has extensive experience in the areas of penetration testing, public key infrastructure, VoIP and network packet analysis. He is also knowledgeable in the areas of system administration, Active Directory and Windows Server 2008. He spent five years doing security assessment testing in the U.S. Air Force, and in his spare time, you can find him looking at Wireshark captures and playing with various Linux distros in VMs.


This was last published in September 2014
