Amazon Web Services is a popular choice among cyber-criminals for hosting their warez, accounting for a whopping 16 percent of global malware, security company Solutionary claims in its Quarterly Threat Intelligence Report.
The primary reason behind the use of cloud-based hosting is the ability to distribute malware across the globe quickly and effectively, and at reduced cost. Further, cyber criminals can evade blacklisting because they are utilising trusted providers like Amazon and Google.
Rather than using just one provider, cyber criminals use multiple providers to expand their operations substantially, which is a huge advantage over setting up physical servers at multiple locations. One of the samples in the report was known to have spread across 20 countries using 67 providers and 199 unique IP addresses.
The report claims that four out of the top ten malware hosting domains are hosted on Amazon. Though all major hosting providers have rigorous security policies in place against such malware hosting sites, the sheer number of orders on a daily basis makes individual screening and banning a rather daunting task.
The report also reveals that criminals are either buying services from cloud hosting providers directly or compromising sites that are hosted on these cloud providers. There have been instances in which criminals have set up small campaigns that don't trigger bandwidth over-usage alerts on the Elastic Compute Cloud (EC2) service, and they have been known to expand their campaigns later as necessary.
“The more lucrative the criminal activity, the more funds will be available to pay for the increasing capacity as it is needed,” the report noted.
After Amazon, GoDaddy and LeaseWeb are the other popular choices, with 14 percent and 13 percent of all malware, respectively, being hosted through their services.