Cybercriminals moving into cloud big time, report says

Global telecommunications equipment provider Alactel-Lucent's latest cybercrime attack predictions are covered in its recent report. No one is spared.

cybersecurity stock image

Alcatel-Lucent's Motive Security Labs division reckons that the cloud will increasingly become a major target for cybercriminals.

In its report on malware in 2014, the company cites a slew of recent cloud-based Distributed Denial-of-Service (DDoS) attacks as evidence that cloud attacks are escalating. It defines cloud services as those that are dependent on Internet-based server components.

But it doesn't stop there. The report also says mobile devices and the Internet of Things could become more common targets. Botnets will move to mobile, communications apps will be used again for civil protests, and cyber terrorism will attack mobile infrastructure.

Cloud attacks

The first example the report uses as evidence of an escalation in cloud attacks is the Christmas Day 2014 attack on Microsoft and Sony gaming servers by Lizard Squad. The servers were being used for Xbox and PlayStation.

The second incident was the RackSpace Domain Name System DDoS attack, also in December 2014, which affected its DNS setup and caused problems accessing RackSpace cloud services for 11 hours.

The third late-2014 example it uses was an Amazon EC2 server attack that hijacked cloud servers for Bitcoin mining purposes. In that case, a GitHub user discovered a bot scanning for Amazon API keys. Once the hacker had gotten the keys, he or she used them to grab Amazon cloud-based computing resources.

Mobile hactivism trouble

The telco equipment provider goes on to forecast more problems for IT.

It thinks mobile will be particularly susceptible to hactivism in the future, and that Low Orbit Ion Cannon (LOIC) DDoS apps for Android are just the beginning.

Indeed, you can peruse multiple LOIC DDos apps in the Google Play store.

Ostensibly, LOIC apps are used for stress testing, but in fact they can target any IP. If multiple users perform LOIC, which floods a server with packets, the server can experience a DDoS.

One LOIC app, published by Mohammad Adib, for example, has been available in the Play store since 2013.

DDoS via text

SMS text messaging and regular phone services are also possible future DDoS channels, the report says. Alcatel-Lucent is concerned about cyber terrorism against mobile infrastructure, of which it is a major supplier.

"Occupy the Internet"

The report poses the idea that in the future we might see communications apps specifically used to support protests. It says that we should imagine a movement called "Occupy the Internet."

We've already seen this, in fact. If you remember the British riots in 2011, you might recall the media calling them the "BlackBerry Riots." The use of mobile devices, in particular the BlackBerry, with its difficult-to-monitor, encrypted messaging system, allowed rioters to stay one step ahead of police.

Cloud botnets cheaper than PC

Even though 2014 residential botnet detections were flat, and dropped towards the end of 2014, Alcatel-Lucent reckons that botnets will move from classic sources, such as residential PCs, to the cloud and mobile. The reason: it's cheaper for criminals to work within the cloud.

Home routers

The Internet of Things will have problems, too. Home routers have historically been weak spots. Just this week, Lucian Constantin wrote for IDG News Service about 700,000 ISP-supplied routers being vulnerable to hacking.

Wi-Fi hotspots

And 2014 saw mobile Wi-Fi hotspots used in DNS DDoS amplification attacks, the report says.

Amplification attacks are when the DNS request message is increased in size, causing the target to receive more traffic volume.

And rounding out the predictions, Alcatel-Lucent's Motive Security adds that the future will see smart-meter and automobile compromises, among others in the IoT.

Copyright © 2015 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022