Last Updated on May 24, 2015

This morning, during my usual virtual promenade through my feeds, I came across a really interesting post from Stratsec, a subsidiary of Bae Systems.

The post unveils the details of an unprecedented experiment aimed to verify how easy and cheap is to setup a botCloud and how hard is for the Cloud providers to detect them (and consequently advise the victims).

As the name suggests, a botCloud is defined as a group of Cloud instances that are commanded and controlled by malicious entity to initiate cyber-attacks.

The research was carried on by subscribing to five common Cloud providers and setting up to 10 Cloud instances targeting a victim host, protected by traditional technologies such as IDS, and flooded with several common attack techniques (malformed traffic, non-RFC compliant packets, port scanning, malware traffic, denial of service, brute force, shellcode and web application attacks) in 4 scenarios:

1. Victim host placed in a typical network scenario with a public IP, firewall and IDS;
2. Victim host setup as a cloud instance inside the same cloud service provider then the attackers;
3. Victim host setup as a cloud instance inside a different cloud service provider then the attackers;
4. Same scenario as test 1 with a major duration (48 hours) to verify the impact of duration on the experiment;

 The findings are not so encouraging, and confirm that the security posture of the cloud providers needs to be improved:

• No connection reset or connection termination on the outbound or inbound network traffic was observed;
• No connection reset or termination against the internal malicious traffic was observed;
• No traffic was throttled or rate limited;
• No warning emails, alerts, or phone calls were generated by the Cloud providers, with no temporary or permanent account suspensions;
• Only one Cloud provider blocked inbound and outbound traffic on SSH, FTP and SMTP, however these limitation was bypassed by running the above service on non-default port.

The other face of the coin is represented by the moderate easiness needed to setup an army of cloud-hidden zombie machined which can leverage the advantages of a Cloud infrastructure. In fact a botCloud

• Is relatively easy to setup and use;
• Needs significantly less time to build;
• Is Highly reliable and scalable;
• Is More effective;
• Has a Low cost.

Cloud Service Providers (and their customers), are advised…