Up to 10% of the repositories held by cloud hosting services have been compromised, according to a study by researchers at the Georgia Institute of Technology, Indiana University Bloomington, and the University of California, Santa Barbara.
The researchers presented their findings on Monday at the ACM Conference on Computer and Communications Security (CCS 2016) in Vienna, Austria.
The team found bad actors could hide their activities by keeping components of their malware in separate repositories that by themselves did not trigger traditional scanners. The different parts of the malware were assembled only when they were needed to launch an attack, but this strategy also created a technique for finding the "bad buckets" hosting the different pieces of malicious software.
The researchers found many bad actors had redundant repositories connected by specific kinds of redirection schemes that enabled attacks to continue if one bucket were lost. In addition, the bad buckets usually had "gatekeepers" designed to keep scanners out of the repositories.
The researchers started by studying a small number of known bad repositories to understand how they were being used, and then created "BarFinder," a scanner tool that automatically searches for and detects features common to the repositories.
The team scanned more than 140,000 sites on 20 cloud hosting services and found about 700 active repositories with malicious content.
From Georgia Tech News Center
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA