Hackers Exploit Amazon EC2 Instances to Launch DDoS Attacks in Cloud Computing Ecosystem

The cloud computing based distributed search engine – ElasticSearch – possesses bugs to exploit, and compromise the Amazon EC2 instances for launching DDoS attacks.

amazon ec2GREATRESPONDER.COM – This was announced by the principal researcher at Kaspersky Security Research Labs, Mr. Kurt Baumgartner that the main reason for distributed denial of service (DDoS) attacks in the cloud computing ecosystems happened due to the vulnerability in the ElasticSearch software, which allows the cyber criminals and hackers to exploit the vulnerability of the software and get the Amazon’s EC2 instances compromised. Later on, these compromised Amazon EC2 instances are used to launch the DDoS attacks on different cloud computing based servers and services across the cloud computing ecosystem.

While talking about the technical loopholes of the software, Baumgartner further elaborated that, “The attackers break into EC2 VMs by exploiting the CVE-2014-3120 vulnerability in Elasticsearch 1.1.x and then use a new variant of Linux DDoS Trojan Mayday – Backdoor.Linux.Mayday.g – to launch their attacks.” He further added in his official blog post that, “The [Mayday variants] in use on compromised EC2 instances oddly enough were flooding sites with UDP traffic only. The flow is strong enough that the DDoS victims were forced to move from their normal hosting operations IP addresses to those of an anti-DDoS solution.”

While talking about the gravity of the issue for the servers operating in the cloud computing environment, Mr. Baumgartner pointed out that, “The flow is also strong enough that Amazon is now notifying their customers, probably because of potential for unexpected accumulation of excessive resource charges for their customers. The situation is probably similar at other cloud providers.”

The director of solution architecture at Alert Logic Company, Mr. James Brown, is of the view that this issue does not lie in the responsibilities spectrum of Amazon’s cloud computing services due to the fact that company adheres to the Amazon’s Shared Security Model (ASSM), which agrees on the joint efforts of the customers and the company to implement the latest security patches and updates.

According to Mr. James Brown, “This is not an AWS issue; it is an issue for whoever administers those servers. With the shared security model that cloud platforms provide, it is vital that customers use tools like Intrusion Detection Systems, Vulnerability Detection, Web Application Firewalls and Log Management to build upon the security that their provider is giving them.”

Related Posts:

  • No Related Posts

U.S. Based OrcsWeb Cloud Computing Company Acquired By Canada Based SherWeb Company

With the acquisition of OrcsWeb cloud computing company, the Canadian firm plans to jump start into the launching of the public cloud services.

SherWebGREATRESPONDER.COM – This was announced by the SherWeb, the provider of cloud computing based Microsoft service in Canada region that it has acquired the OrcsWeb cloud computing service Provider Company, which is based in North Caroline state of America. The official statement did not disclose the amount of the deal, but it clearly informed that the deal has been closed officially on the 22nd day July, 2014.

This acquisition of OrcsWeb cloud computing service provider will enable the SherWeb to jumpstart the cloud computing services based on the public cloud, as informed by the company.

It was further informed in the official statement that, with this acquisition of OrcsWeb, SherWeb will get the access to the four important integrated data centers located in the USA, from which, OrcsWeb has been operating its cloud computing based services. Meanwhile, the expertise, and infrastructure of OrcsWeb will prove to be very helpful in competing with the high profile companies in the domain of cloud computing services.

In his official statement, the cloud computing product manager of SherWeb, Mr. Guillaume Boisvert said, “For 2014, introducing our own public cloud will be our main focus for both retail and our channel with the help of our customer focused policy to provide high performance cloud services,” he further added that “The idea for us is to go all out and provide top-of-the-line performance and really deliver that to our customers and to our partners. We tell our customers that our virtual servers will work as well as their dedicated servers.”

While talking about the nature of the service and its quality, the official statement further elaborated that the company plans to offer the most sophisticated hardware infrastructure of the prominent IT providers, the enterprise level security, high performance, industry grade customer support, and dedicated SSD storage to its customers to develop a sustainable market in this fiercely competitive domain of business.

Mr. Guillaume Boisvert further maintained that, “They (OrcsWeb management) really wanted us to offer that managed cloud, so it was really one of the drivers of the acquisition, so we could offer the right products for our channel.”

The analysts in this domain of cloud computing industry believe that it will be good opportunity for SherWeb to capitalize the expertise and infrastructure acquired from OrcsWeb in the market place.

Related Posts:

VMware, the Cloud Computing Virtualization Giant, Launches Second Datacenter in UK

This newly established data center in the UK region will cater the increasing demand for cloud computing services in the region.

vmwareGREATRESPONDER.COM – VMware has been working to fulfill its strategy to develop the software defined data centers across the globe to strengthen the cloud computing service portfolios of the company. The company has announced this weekend that it is going to launch the second data center in the London area of the United Kingdom to further strengthen its strategy to offer cloud computing infrastructures to the companies via software defined data centers across the globe.

The official statement further maintained that, this is the second data center in the region after having noticed the immensely huge demand in the cloud computing services based on the VMware’s vCloud.

It was further informed in the company announcement that vCloud Hybrid Service would be run from this innovative and the state of the art data center. Meanwhile, the strategic partnership with different companies and wholesalers would be established to use the hybrid cloud services of the company from this data center.

The company informed the media that the starting of this data center is the part of the global expansion of the company’s strategic business based on vCloud hybrid cloud computing services, in which a substantial number of data centers would be established in the USA, Japan, and other parts of the globe.

While talking about the technical aspects of the vCloud Infrastructure as a Service model of the cloud computing business of the company, the statement elaborated that this service will enable the customers across the broad to transfer both the – data, and the applications – in the cloud.

In his statement, the CEO of the VMware Company, Pat Gelsinger said, “The aim was to take a snapshot of a user’s environment, physical and virtual, then automatically recreate that in the vCloud Hybrid Service, either in parts or in full.”He further added that, “The cloud computing infrastructure service based on vCloud platform, would be very beneficial for the channel partners of the company in the United States, Europe and other regions of the world.”

The General Manager and the VP Cloud Service EMEA Gavin Jackson said, in his statement, “The customers initially started using the vCloud Hybrid Cloud for specific projects – most recently VMware added disaster recovery and data protection to the offering and Pivotal CF enterprise Platform-as-a-Service scaling technology.”

Related Posts:

  • No Related Posts