The popularity of the cloud has led to hackers finding the Internet-based data storage system ripe for the picking.
The cloud is primarily used to store files and free up space on individual computers. The cloud also makes it easier to share files with other people.
However, according to a new study, bad actors have utilized the cloud as a place to hide malware and trick users into downloading suspicious links and attachments.
Raheem Beyah, a computer engineer at the Georgia Institute of Technology, said that he and a co-worker searched for malware in files stored by 20 different companies that store people’s data, including both Google and Amazon.
The researchers probed approximately 140,000 websites on 20 cloud hosting sites and scanned 6,885 cloud repositories, 694 of which contained malware.
“Bad actors have migrated to the cloud along with everybody else,” Beyah said in a statement. “The bad guys are using the cloud to deliver malware and other nefarious things while remaining undetected.
“The resources they use are compromised in a variety of ways, from traditional exploits to simply taking advantage of poor configurations.”
Beyah and graduate student Xiaojing Liao concluded that the malicious hackers could hide their activities by keeping components of their malware in separate repositories that, by themselves, didn’t trigger traditional scanners. The different parts of the malware were assembled only when they were needed to launch an attack.
“Some exploits appear to be benign until they are assembled in a certain way,” Beyah said. “When you scan the components in a piecemeal kind of way, you only see part of the malware and the part you see may not be malicious.”
A main reason the bad actors have targeted the cloud is that it is difficult to scan so much storage, and operators of cloud hosting services may not have the resources to do the deep scans that may be necessary to find the bad repositories.
“We observed that there is an inherent structure associated with how these attackers have set things up,” Beyah said. “For instance, the bad guys all had bodyguards at the door. That’s not normal for cloud storage and we used that structure to detect them.”
Beyah discovered that some bad actors opened an inexpensive account and began hosting their software, while others hid the malicious content in the cloud-based domains of well-known brands, intermingling the bad content with the good content to trick users.
The attacks observed ranged from phishing and common drive-by downloads to fake antivirus and computer update sites.
To combat this growing problem, the researchers developed “BarFinder,” a scanner tool that automatically searches for and detects features common to the bad repositories.