Web hosting centres around the world are being compromised by cyber-criminals that use them to launch major attacks against business and government, says Cisco in its annual security report. This threat really gained full steam last year, the company says.
"They're installing malware to maintain control over resources," says Levi Gundert, Cisco technical lead for threat research, analysis and communications about the rise of criminally-manipulated web hosting centres. Attackers commandeered these hosting centres to make use of servers and bandwidth to launch any manner of attacks, such as powerful distributed denial-of-service (DDoS) against targets elsewhere.
By stealthily commandeering these hosting centres, "their goal is to get access to bare metal" to hide but keep control over resources they want at their disposal, Gundert points out. Cisco believes there are "many thousands" of these compromised web hosting centres around the world whose resources now lie under cyber-criminal control, he says.
This finding by Cisco tallies with similar observations recently made by members of the Cloud Security Alliance (CSA), the group seeking to establish security standards and best practices for cloud-based services environments.
At its conference in Orlando last month, the CSA announced what it calls its Anti-Bot Working Group because the crippling DDoS attacks being launched against business web sites and networks often originate within hosting facilities. The group is conducting research on this and may come up with a process for certifying cloud providers that follow CSA best practices.
Cisco's annual threat report about trends in 2013 also asserted that there is a severe shortage of security professionals worldwide trained to detect and remediate problems in network infrastructure. Cisco estimates the shortage for this year will reach 1 million security professionals -- a trend that may prompt more businesses to turn to outsourced services.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: [email protected]