virus malware cloud 300x167 Attack as a Service: Criminals in the CloudIt seems like the benefits of the cloud appeal not just to businesses but also to criminals, as there are now reports that cyber criminals who are using the cloud to generate new revenue streams and as a means of simplifying their infrastructure. In what can only be described as “Attacks-as-a-Service,” many hackers are now offering shady cyber services done via cloud, such as offering botnets for lease or sale (which can be used to launch massive DDoS attacks), or to run bots meant to help players of online games cheat.

The most recent example has a Chinese group opening a site called IM DDODS, which allows customers to sign in and order DDoS attacks on any target they wish. According to security firm Damballa, the botnet being used by IM DDoS is fairly large and can be a huge problem for all but the biggest of hosts.

The IM DDoS site is written only in Mandarin (which is a good thing as that at least limits its use to people who understand the language, or those savvy enough to work out its usage using a crude online translation tool like Google Translate), and uses a self-service model, where customers can create accounts, choose targets, and launch the attacks themselves. Damballa reports that the site claims to only allow the targeting of non-legitimate web servers – such as gambling sites.

DDoS attacks on illegal sites is not without precedent, though uncommon. There are speculations that copyright holders and studios sometimes pay hackers or firms to launch DDoS attacks on pirated movie and file sharing sites in order to bring them down or at least make them inaccessible to other users.

AaaS is Inexpensive

According to some insiders, hiring a hacker is relatively cheap and won’t cost as much as a really good dinner at an upscale restaurant. Some hackers will crack e-mail passwords in less than 48 hours for $150 to $400. IM DDOS is actually even more generous, as they also offer free services along with their paid ones.

AaaS providers are actually running their sites like legitimate businesses, complete with service-level agreements, subscriptions, and even technical support for “lifetime customers.” However, these technical support sessions are done clandestinely, usually through the Chinese instant messaging service QQ.

According to Damballa, the malware that spreads IM DDOS’ bot software is nothing special, and sends out DNS requests often enough that detecting it should be fairly easy and can be prevented. However, the sheer size of the botnet that they already have is alarmingly large, and can pose a problem even if it stops growing.

Hottest IT Skills in 2013 – Cloud, Mobile and BI
In 2012, more than 1.7 million jobs in the field of cloud computing remained unoccupied, according to analysts firm IDC. READ MORE
How Cloud Computing Influences Digital Marketing
Cloud marketing has the ability to drastically change the ways in which they reach and engage their audience, particularly with regard to distributing and storing mission-critical data. READ MORE
Gartner: BYOD to Take Center Stage For Mobile App Use by 2017
More and more companies encourage their employees to work on their devices, thus reducing the cost of computer equipment, but also increase the cost to maintain licenses and safety. READ MORE
Maturity in the Cloud: Start Thinking Like a Grown-Up
Despite the inclination to wait until all of the cloud’s kinks have been worked out, holding off on cloud initiatives until the industry matures won’t guarantee success. READ MORE
PwC: Cloud, SaaS and Mobile Are Changing Software Industry
The software industry is undergoing major changes by trends such as cloud, SaaS, mobile technology and the “consumerization of IT”. READ MORE
10 Cloud Computing Game Changers
Here are the ten most influential cloud computing companies, and the reason why. READ MORE