Is It Time for Cloud Providers to Control Malware Distribution?
Is malware only about unwanted software gaining access to secure information or the process of infecting websites? There is clearly more to this, including complex transfer distribution systems that make even trusted sites and applications play a role in this malicious activity.
There are several categories of people who may be involved in malware creation and several categories of malware itself—making this a very specialized segment of security engineering in the software development world. Malware distribution by and large is an illegal activity and government bodies continue to take condemning actions against malware creators and distributors.
Globally there are ongoing efforts to control malware creation and distribution—such as the Google Safe Browsing Program—but the reality is that malware circulation is on the rise. With the increased mobile computing options for users, the destructive reach of malware is on the rise. However, the reach cannot be solely attributed to the growth in mobile computing.
A more important reason is the growth in cloud computing. A decade ago, even though a piece of malware content was created, the destructive impact was not felt as much as it is today because hosting and distribution options were limited. The cloud has broken those barriers, and the Infrastructure-as-a-Service option has not only opened its arms to countless genuine users but also to some of these vice users.
A recent Quarterly Threat Intelligence Report by Solutionary has revealed some alarming numbers about malware distributors and their hosting providers. It reports that the US tops malware distribution globally at 44 percent. Four of the top ten malware distributors use Amazon Web Services for their hosting needs with Amazon hosting 16 percent of malware distributors and GoDaddy 14 percent of them.
News outlets that reported this study do not explicitly talk about Google’s role in this mix, but Google has its share in this whole process too, with an increasing number of mobile botnet’s using Google’s service. Although Amazon chief Jeff Bezos has mentioned it is good for Amazon to be hosting such malware so that they can work on controlling the malware, the real question is whether hosting providers are proactively rooting out malware or still just reactively providing service level agreements to monitor malware activity.
Since these malware distributors are covering themselves under the shield of such trusted hosting brands, isn't now the time for such brands to aggressively see what they can do to root out malware distribution? While the hosting providers do their homework and follow up to fix these hosting and distribution issues, we as users have our role to play in practicing safe measures to do our best to avoid becoming malware victims.