According to Computer World, “Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week’s Black Hat conference.” I’m not sure this is news to most of us in the cloud space, but it’s something to think about if you’re a cloud provider.
“Often, the owners of legitimate sites fail to properly scan the content they are hosting, which allows attackers to furtively post malicious code with relative ease, said Michael Sutton, vice president of research at ZScaler, a provider of cloud-based security services for enterprises.”
While cloud providers will get better at monitoring those who use their infrastructure for bad deeds, they won’t be able to catch everything. Given that clouds often cross borders, this sort of activity will be even more difficult to police.
This situation makes a good case for cloud providers to validate subscribers to avoid such issues. However, the second tier and third tier players won’t have the bandwidth to keep track of everything and everybody. So, we must continue to be on defense.