Hackers See Opportunities in The Cloud According to DEF CON Survey

A survey conducted at the recent DEF CON Hacker conference in Las Vegas revealed that hackers see the cloud as an attractive hacking target.

The survey, carried out amongst 100 of the IT professionals attending DEF CON, revealed that 96 percent think the cloud will open up more hacking opportunities for them.

The poll, sponsored by Fortify Software, showed that 21 percent believe Software-as-a-Service (SaaS) cloud systems are viewed as being the most vulnerable, with 33 percent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 per cent) and communication profiles (12 per cent) in their cloud travels.

“89 percent of respondents said they believed this was the case and, when you analyze this overwhelming response in the light of the fact that 45 percent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem,” said Barmak Meftah, chief products officer at Fortify. “While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud,” he added.

According to Meftah, when you factor in the prediction from numerous analysts that at the start of 2010 20 percent of businesses would have their IT resources in the cloud within four years, you begin to appreciate the potential scale and complexity of the security issues involved.

In the many predictions, he explained, 20 per cent of organizations would own no appreciable IT assets, but would instead rely on cloud computing resources – the same resources that 45 percent of the DEF CON 2010 attendees in the survey cheerfully admitted to already having tried to hack.

“More than anything, this research confirms our ongoing observations that cloud vendors – as well as the IT software industry as a whole – need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource,” Meftah added.