Cloud computing sets perfect scene for cyber crime
By George Chang, Fortinet 28-Jul-2010
Cloud computing is a perfect scene for the acts of cyber criminals.
In fact, the cloud gathers traffic at centralized locations, allowing them to achieve critical mass for attacks. And as everybody is still figuring out how to secure cloud computing optimally, the opportunity to strike remains immense for cyber criminals and their syndicates.
This is based on the basic idea that the bigger the attacked pool, the greater the probability of successful attacks. Indeed, the collection of bots forms a well harvest pool of computing resource and services for cyber criminals, who then market their services as Crimeware-as-a-Service (CaaS).
For cyber criminals today, it is solely about making money, and lots of it. Viruses, phishing e-mails and botnets are steadily draining hundreds of millions of dollars a year out of the global economy, and yet frameworks for international political action and efficient anti-cybercrime measures continue to hang in the balance.
'Cloud' in the cyberspace
Let’s take a step back and view the cyberspace since the mass popularization of the Internet, which is possibility the key driver for the accelerating threats.
As Internet usage proliferates and users congregate, the number of sophisticated cyber attacks will inevitably increase. As the online world mimics real-life, users might develop a false sense of security and divulge more than they have intended to do so.
This gets dangerous as the same users buy, check their banking accounts and upload their entire contacts database and other personal information online. A good example of it is Facebook. While it is not a new social networking phenomenal, it is definitely one of the most successful platforms and its success does attract cyber criminals to siphon valuable personal data for targeted social engineering attacks.
This is one aspect how cyber criminals leverage the cloud for their attacks. As information continues to flow through public pipes, cloud risks increase and with the cloud, once the data leaves your fingertips, it becomes almost impossible to control where it goes later. In addition, cybercrimes are incredibly hard to trace and even less likely to be reports, since large enterprises are likely to be embarrassed admitting that their networks have been compromised. In such instances, the perpetrator gets to go scot-free.
In the greater schema of things, well-organized cyber criminals also can easily harvest botnets via common cloud applications, which are not new but have become more prevalent in the recent times, as users continue to let their guard down and network with increasing speed online. With a ready pool of botnets, cyber criminals can launch denial of service attacks (also more commonly known as DDoS attacks) at any organization from any location in the world.
This creates a time bomb effect for public and private organizations to be attacked anytime; thus comparable to a real life terror attack, where the perpetrator gets the chance to get out of jail free! While IP addresses can be tracked online, it is not a person. Using international networks of millions of Bot-infected machines of innocent users, cyber criminals are far removed (physically and virtually) from the cybercrime scene literally.