Cloud computing may be a place for malicious files to be stored and transmitted from.
David Hobson, managing director of GSS, warned that cloud computing may turn into a ‘malware-fest' after researchers detected a method of using the Amazon EC2 service as a BitTorrent host/downloading mechanism.
Hobson said: “Using P2P programs like BitTorrent has always been a risky procedure for PC users owing to the issue of infections arriving along with the pirated software and other executables. Reports have just come in, in fact, that BitTorrent is hosting a malware-loaded version of the Apple iWork software.
“What is even more worrying, however, is the fact that researchers have developed a method of using the Amazon EC2 Cloud Computing service as a remote harvester and hosting system for BitTorrent files.”
He claimed that hackers could use a prepaid (and anonymous) debit card to pay the $75 a month fee to Amazon and harvest BitTorrent applications at high speed with little or no chance of detection. This will raise P2P filesharing to a whole new level, and is almost certain to dramatically increase the usage of BitTorrent - with all the risk the facility entails - amongst experienced internet users.
Hobson warned companies thinking of using cloud computing services to think very carefully about extending their IT security envelope to counter this and other issues that arise from the use of the cloud.
He said: “The danger here is that companies may find their staff FTP-ing files from Amazon EC2 - a completely legitimate domain - to the firm's computers, resulting in an internal computer infection. The consequences of this do not bear thinking about.”
Lew Moorman, chief strategy officer at Rackspace, said: “I have no doubt there are some WiFi vulnerabilities, but there are also emerging technologies to close them. As we move all our data to the cloud, we are going to have to understand where we are at risk and where we are not.
“The truth is being unconnected is simply not an option anymore. Even if you keep data on your PC, you have to connect. This opens up vulnerabilities. I am confident the technology world will meet these challenges. There is too much at stake not to. Corporate VPN is already helping a great deal. But, I am sure we will see consumer grade protections emerge as well.”