During our recent research we have been seeing an uptick in the number of cloud hosting providers that are hosting malware and malicious content as well as viruses. The elastic nature of cloud providers provisioning is allowing hackers to take over legitimate customers sites shortly after they a provisioned and before security settings can be applied. During our testing the average time from provisioning until most sites are infected or hacked is less than 25 minutes.
This is troubling and it seems hackers love these cloud environments because of the lack in security controls when a node is brought online. Just as quickly as they appear they can be taken offline and re-provisioned and the process begins again. It's a cat and mouse game at it's finest.
We are noting many malware C+C servers are being hosted on a handful of cloud providers to include Amazon and Cisco web services clouds. It's difficult to block by IP or hostname in some cases because hundreds or even thousands of legitimate host may be natted behind a single IP.
The purpose of this page is to provide awareness to individuals and organizations that are leaking information and the information of their customers. The entities listed on this site are verified to be leaking personal information sometimes without the company even being aware. SLC Security is now owned and operated by Jigsaw Security Enterprise. We are currently in process and as such this blog will eventually be taken offline and merged with Jigsaw Security resources.
No comments:
Post a Comment