Hackers increasingly abuse public cloud services for DDoS attacks

Hackers are increasingly abusing public cloud services to carry out DDoS attacks. More than a quarter of DDoS attacks take advantage of this. The most abused public cloud service is Microsoft Azure.

The public cloud is increasingly being used by hackers to carry out DDoS attacks. A quarter of the criminals used such services to carry out the attacks between July 2017 and July 2018. That’s more than the year before, when 18.5 percent of the attacks were exploited by public cloud services.

Especially Azure

This is the conclusion of research by Link11’s Security Operation Center (LSOC). Microsoft Azure was most abused by hackers, namely in 38.7 percent of the cases. AWS was abused in 32.7 percent of the incidents and Google Cloud Platform in 10.7 percent of the attacks.

The people behind DDoS attacks embrace the use of public cloud services for the same reasons that legitimate organizations do: the services are flexible, offer on-demand capacity and resources and can be set up in minutes, says Aatish Pattni of Link11.

Little to do

For hackers and other malicious parties, the use of public cloud services is particularly convenient as they can use stolen credit card data and false identities to pay for the services. This means that attackers who abuse public cloud services cannot be tracked, even if providers take measures to prevent their services from being abused.

Link11 states that the public cloud is particularly attractive to hackers because of the speed it offers. Public cloud services offer between 1 and 10 Gbps, making it possible for criminals to fire a thousand times as many bots on websites as they could with IoT equipment.

There is little that can be done by companies to prevent hackers from abusing public cloud services. Service providers should focus on the analysis of communications between the public cloud service and the network, so that anomalies can be found quickly.