Amazon Web Services hosts more malware hosting sites than any other ISP or web hosting provider, according to a new report from security company Solutionary. In Q2 2014, AWS supported 41 percent of the identified malware hosts, up from 16 percent in Q4 2013.
According to the Security Engineering Research Team Quarterly Threat Intelligence Report for Q2 2014, the top 10 ISPs were the source of more than half (52 percent) of the malware identified in the second quarter.
In its report, Solutionary, an NTT Group company, identified the top 10 hosting providers that hosted malware out of more than 21,000 ISPs.
Following Amazon, European web host OVH hosted 13 percent of the malware in Q4, and Akamai hosted 12 percent. Also on the list were Google, Akrino, Hetzner Online, CloudFlare, CDN, GoDaddy and Website Welcome. While most providers on the list could be categorized as web hosts or ISPs, CDNs like CloudFlare or Akamai don’t technically host websites, just makes them faster and more secure.
A recent report by Kaspersky Labs suggests that while malware is a significant threat to companies, with 61 percent of companies suggesting that malware is the greatest external threat to their companies.
According to the report, “the data suggests that while some malicious actors are using the big providers directly (or compromising hosts on them), a significant number of actors are finding alternate providers. This suggestion is validated by the new appearance of smaller providers, such as Akrino and Website Welcome, in the updated top 10.”
The amount of malware hosted on GoDaddy’s platform decreased significantly from Q4 2013, falling from 14 percent to 2 percent in Q2 2014. The report suggests that this could be based on improved efforts on behalf of GoDaddy to shutdown domains actively hosting malware, or it is possible that “malicious actors have simply moved on to another service for the time being.”
“The findings on hosted malware in the Q2 threat report reinforce our research from 2013 and provide additional insights into the mindset and cunning of today’s attackers. The findings should provide the information security community with a good understanding of the threat landscape so they better understand the adversaries’ behavior,” Rob Kraus SERT director of research, Solutionary said. “From an organizational perspective, attention to detail, especially the security basics, is often enough to deter a malicious individual or group of individuals. The tricky part of information security, and the reason we must always be mindful of the trends in the industry, is that the second you make it more difficult for a malicious actor, they have already moved on the next weak link.”
Based on the locations of the top ten providers, it makes sense that the US is still host to most of the world’s malware. The US extended its lead from 44 percent of hosted malware in Q4 2013 to 56 percent in Q2 2014. France, Germany, and China represent the next largest samples, respectively.
Attackers in China are utilizing malicious SSH activity to gain administrative access to target systems. China accounts for 45 percent of these attacks, while the US comes in second at 17 percent.