Amazon Web Services and GoDaddy may be the top cloud hosting providers being used to distribute malware, according to research from security-as-a-service provider Solutionary.
Malware distributors are leveraging the accessibility and availability of cloud services providers, and according to a new security report from Solutionary, Amazon Web Services (AWS) ranks right at the top for cloud-hosted malware.
Solutionary claims that 16 percent of cloud-based malware is hosted on Amazon's public cloud service. GoDaddy comes in at number two at 14 percent. But according to Solutionary, top cloud hosting providers, including AWS, GoDaddy and Google (GOOG), "have made it economical for malicious actors to use their services to infect millions of computers and vast numbers of enterprise systems."
"Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier," said Rob Kraus, Solutionary SERT director of Research, in a prepared statement. "Now we have to maintain our focus not only on the most dangerous parts of the web but also on the parts we expect to be more trustworthy."
Solutionary, an NTT Group Security company, is a provider of security-as-a-service and managed security offerings. The claims regarding top cloud providers were published in the company's "Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q4 2013."
Security threats in the cloud are certainly not unheard of, but it seems a bit alarmist to lead readers to believe it's a widespread problem and, as others have noted in covering the report, call Amazon a "haven of malware."
Amazon declined to comment, but the company does have policies in place regarding malicious behavior in its data centers. The cloud provider has automatic and manual systems in place to detect and block attacks before they leave its infrastructure. It also encourages organizations to report any malicious behavior.
To quote Douglas Adams: "Don't panic."
Solutionary's report has a point to make about cloud security and, in particular, choosing cloud services and cloud services providers carefully. The frequency of attacks wasn't a focus of the report.