The dark side of the cloud

As cloud-borne threats grow, anti-malware companies look to the cloud for solutions.

The stereotypical and over-used clichés of clouds being fluffy and white may lull us into a false sense of security. However, a recent study listing Dropbox as one of the top routes for malware to reach PCs reminds us the cloud has a dark side too.

Just as we look to the cloud for a business advantage, so do cyber-criminals eager to steal our money, our data and even our identities.

Of course, Dropbox itself is no more or less culpable than Microsoft or Mozilla, whose browsers can equally well serve up malware.

“If you're sharing information via the cloud it is bound to be a vector for infection,” claimed Leon Ward, a field marketing manager at Sourcefire - the anti-malware company responsible for the study.

"Cybercriminals use exactly the same tools as legitimate businesses, and are becoming more proficient," added Michael de Crespigny, CEO of the Information Security Forum (ISF). And with allegations rife that hackers based in China, Russia and elsewhere are state-sponsored, he reminded us "Government espionage units have the same access to those tools" as well.

Yet, the cloud also remains a power for good. At the same time as identifying the cloud as a vector for malware infections, Sourcefire announced a new service which uses cloud-based resources to hunt through huge amounts of behavioural data.

FireAMP is a classic 'big data' application, relying on the compute power that only an elastic cloud can deliver to detect malware other defences have missed.

“Three and a half years ago we saw five to 10,000 signatures pushed out every day to fight malware, yet threats were bypassing existing security technologies,” said Oliver Friedrichs, a security expert and Sourcefire senior VP.

“Companies had up to date end-point protection, but they still had malware – and they didn't know how it got in.”  

“It became apparent that the problem was growing out of control,” he added. “We realised that we need to work on containment. We need to collect more information and analyse it to find attacks as they're happening, so we use the cloud to do behaviour analysis and file analysis in real time.”

However, while this should improve malware protection, Friedrichs admitted it could not solve the problem.

"Nobody can stop 100 per cent of threats, it is just not possible," he said.

Friedrichs also claimed any technological protection must be combined with social and other defences. That's because no matter how much technology you apply, there will come a time when the only thing between you and a security breach is how one of your colleagues decides whether or not to click on a link in a fake email.
