Cloud Services – on the attack!


About 4 years ago I posted an article on Cloud Services and the possible risks they could pose.  Being the usual, paranoid, security geek I am, my systems and servers are entrusted to multiple firewalls and network scanning tools in what will ultimately, I suspect, be a vain attempt to keep all my Information Systems Information mine.

So I was somewhat dismayed, when analysing the logs on one of my firewalls, to find these entries.

port scans caught by UTM

Upon checking to see who might be perpetrating such a filthy attack on my little SOHO (Small-Office-Home-Office) network, I was surprised to find it was none other than Amazon and Akamai.  For anyone who doesn’t know, these are two of the largest cloud service providers in the world.

As can be seen from the simple WHOIS check of the first attacking address (23.45.196.15) it is from Akamai Technologies Inc.

Akamai scanning for open unassigned ports

According to Akamai's website, they are trusted by:

  • 20 of the top global e-commerce sites
  • 30 of the top media and entertainment companies
  • 18 of the largest asset managers
  • 12 of the top insurers
  • 96 of the top U.S. retailers
  • 9 of the largest newspapers

Yet here they are allowing their systems to participate in a port scanning attack on a little I.T. Security Company in Canada.   Not only that, they are scanning for unassigned TCP/UDP ports.  This is a technique used by hackers to search for services that might have been moved to a non-standard port.  We do this in the security world specifically to make things more secure, so scanning for these ports is particularly worrisome.
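One way to pick this kind of activity out of firewall drop logs, as an added example that is not the author's code or UTM output: it flags a source that hits many distinct destination ports in a short window, and sets aside drops whose source port is 80 or 443, which can be late replies to connections opened from inside the network. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed drop-log entries (documentation address ranges), not the author's UTM logs.
SAMPLE_LOG = """\
2024-01-01T10:00:00 DROP TCP SRC=203.0.113.7 SPT=51000 DST=192.0.2.1 DPT=10101
2024-01-01T10:00:02 DROP TCP SRC=203.0.113.7 SPT=51001 DST=192.0.2.1 DPT=20202
2024-01-01T10:00:04 DROP TCP SRC=203.0.113.7 SPT=51002 DST=192.0.2.1 DPT=30303
2024-01-01T10:00:06 DROP TCP SRC=203.0.113.7 SPT=51003 DST=192.0.2.1 DPT=40404
2024-01-01T10:00:08 DROP TCP SRC=203.0.113.7 SPT=51004 DST=192.0.2.1 DPT=50505
2024-01-01T10:01:00 DROP TCP SRC=198.51.100.20 SPT=443 DST=192.0.2.1 DPT=50412
2024-01-01T10:01:01 DROP TCP SRC=198.51.100.20 SPT=443 DST=192.0.2.1 DPT=50413
2024-01-01T10:05:00 DROP TCP SRC=203.0.113.99 SPT=40000 DST=192.0.2.1 DPT=23
2024-01-01T10:09:00 DROP TCP SRC=203.0.113.99 SPT=40001 DST=192.0.2.1 DPT=23
"""
LINE_RE = re.compile(r"^(\S+) DROP (?:TCP|UDP) SRC=(\S+) SPT=(\d+) DST=\S+ DPT=(\d+)$")
WEB_PORTS = {80, 443}  # source ports typical of replies from web/CDN servers

def classify_sources(log_text, min_ports=5, window_s=60):
    """Return {source_ip: "scan" | "likely-replies" | "noise"} for dropped packets."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, spt, dpt = m.groups()
            events[src].append((datetime.fromisoformat(ts), int(spt), int(dpt)))
    verdicts = {}
    for src, evs in events.items():
        evs.sort()
        # A drop from a web port to a high port is more likely a late reply to a
        # connection opened from inside than a probe, so it is not counted.
        probes = [(ts, dpt) for ts, spt, dpt in evs if not (spt in WEB_PORTS and dpt >= 1024)]
        if not probes:
            verdicts[src] = "likely-replies"
            continue
        verdicts[src] = "noise"
        start = 0
        for end in range(len(probes)):
            # Slide the window so it spans at most window_s seconds.
            while (probes[end][0] - probes[start][0]).total_seconds() > window_s:
                start += 1
            if len({port for _, port in probes[start:end + 1]}) >= min_ports:
                verdicts[src] = "scan"  # many distinct ports in a short time
                break
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict)
```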

Hmmm!   One wonders what they should be trusted with?

As for Amazon, who were caught red-handed with this WHOIS on their port scan attack,

Amazon scanning for open Apple ports

They appeared to be looking for Apple Storage devices.  No doubt their Big-Data project isn’t big enough so they appear to be allowing their network to look and claim more data illicitly from Apple networks.

Tough luck this time boys (and girls).  Had you got through that UTM appliance, you would have had another three to crack.  In addition you’d have had to avoid my honeypot services.

I’ve been doing this longer than you have, and it is my aim to help more and more smaller businesses and home network users to make their systems invisible to the likes of those larger organisations who appear to be either complicit in, or negligent for, allowing these attacks to be initiated from their networks.

So can you really trust the cloud and cloud service providers?

About as much as you can trust flying into a thundercloud in a microlight, and hoping to come out the other side unscathed, in my personal opinion.

Want to know more about how I protect my own systems and those of my clients?  Contact me by completing the contact form below.  We will not share your contact details with anyone else.
