By: Sara Peters/ Posted on 8/11/2014
Researchers take advantage of cloud service providers' free trials and lousy anti-automation controls to use cloud instances like bots.
LAS VEGAS -- Black Hat USA -- Thrifty attackers, are you tired of investing your dollars in a botnet that's constantly being disrupted by new anti-virus signatures and bot downtime? A "cloudbot" might be just what you seek. As shown at Black Hat last week by Rob Ragan and Oscar Salazar, senior security associates at Bishop Fox, cloudbots are entirely free and very resilient, and they offer all the uptime of a cloud service with no need for malware. Good news for bot masters working on the cheap.
Bad news for cloud service providers that use poor anti-automation measures. As Salazar and Ragan showed in their Black Hat session, "Cloudbots: Harvesting CryptoCoins Like a Botnet Farmer," confirming registrations with email alone is not enough to prove a registrant is a unique human. Without adding captchas, SMS verification, or other anti-automation measures, online services could find themselves powering activities like cryptocurrency mining and denial-of-service attacks.
DarkReading/ Full Article Here/ http://www.darkreading.com/cloudbot-a-free-malwareless-alternative-to-traditional-botnets/d/d-id/1297878?
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.