There is an increasing use of cloud services to distribute malware, a new report said.
Cybercriminals are leveraging the services of Amazon, Google and GoDaddy to create, host and delete their malicious websites, according to security provider Solutionary’s SERT Quarterly Threat Intelligence Report for Q4 2013. The cloud enables attackers to infect millions of computers at very low costs.
In addition to creating their own sites, malicious actors are also compromising legitimate domains. This enables them to distribute malware while avoiding detection and geographical blacklisting.
In addition, the Solutionary report found 44 percent of the malware identified by the company’s Security Engineering Research Team (SERT) ended up hosted in the United States. Germany comes in second with 9 percent of detected malware.
As far as antivirus engines go, Solutionary said they are still important, but they have become less and less efficient in detecting malware. In one case investigated by the company, none of the top 40 engines detected any of the more than 750 malicious files served by OVH-hosted websites.
During a two-week period, one of the malicious domains, bb.rauzqivu.ru, operated across 20 countries, 67 service providers and 199 unique IP addresses to avoid being detected.
“The information in this report will show our readers how widespread the malware problem truly is and how close it hits to home. We aren’t just talking about foreign espionage campaigns, APTs and breaches; many of these malicious activities are taking place within U.S. borders,” said Solutionary SERT Director of Research Rob Kraus.
“Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy.”