Practically all of the major antivirus companies have started using in-the-cloud technologies or are planning to use them in the nearest future. Despite the undoubted advantage with regard to the struggle against attacks, in-the-cloud technologies are themselves sure to be a prime target for the cybercriminals.
The eternal conflict between virus and antivirus has, up to the present moment, been largely going on at the level of files and processes on the end users’ machines. Malware programs have been trying to destroy the antivirus system by different means or attempting to persuade the user to switch it off themselves.
With the beginning of cloud- technology detection and categorization, a new front has opened up in this war. Malware programs, or to be more precise – their authors, will have to solve the problem of attacking the cloud. Although technologically it is practically impossible to destroy the cloud, direct mass DDoS attacks aside, it is quite vulnerable in terms of its own functionality - receiving, processing and sending information to and from the end users.
Problems within the very architecture of the majority of antivirus clouds will be actively used by the cybercriminals, and the first examples of such actions can be seen already. The most widespread and simple method of disabling cloud technologies is to block computer access to the cloud. More complex methods include the substitution of data –with the aim of ‘trashing’ the cloud with false information, as well as modification of the data received from the cloud.
Such ‘trashing’ is probably the most dangerous threat. Blocking access to the cloud or the modification of responses from the cloud specifically affects only infected users, but inputting false data into the cloud
will influence every single user. This would bring with it not only an absence of detection, but also to a more serious problem – false positives, which would lead to a general decline in the level of trust in cloud-based technologies and to the necessity to revise or alter their performance algorithms.
With the increase in the number of antivirus technologies that operate using in-the-cloud technologies, there will be a constant quantified and qualified growth in the number of attacks upon them from malware programs on clients’ computers, and additionally with the help of special services, supported by the cybercriminals.
The eternal conflict between virus and antivirus has, up to the present moment, been largely going on at the level of files and processes on the end users’ machines. Malware programs have been trying to destroy the antivirus system by different means or attempting to persuade the user to switch it off themselves.
With the beginning of cloud- technology detection and categorization, a new front has opened up in this war. Malware programs, or to be more precise – their authors, will have to solve the problem of attacking the cloud. Although technologically it is practically impossible to destroy the cloud, direct mass DDoS attacks aside, it is quite vulnerable in terms of its own functionality - receiving, processing and sending information to and from the end users.
Problems within the very architecture of the majority of antivirus clouds will be actively used by the cybercriminals, and the first examples of such actions can be seen already. The most widespread and simple method of disabling cloud technologies is to block computer access to the cloud. More complex methods include the substitution of data –with the aim of ‘trashing’ the cloud with false information, as well as modification of the data received from the cloud.
Such ‘trashing’ is probably the most dangerous threat. Blocking access to the cloud or the modification of responses from the cloud specifically affects only infected users, but inputting false data into the cloud
will influence every single user. This would bring with it not only an absence of detection, but also to a more serious problem – false positives, which would lead to a general decline in the level of trust in cloud-based technologies and to the necessity to revise or alter their performance algorithms.
With the increase in the number of antivirus technologies that operate using in-the-cloud technologies, there will be a constant quantified and qualified growth in the number of attacks upon them from malware programs on clients’ computers, and additionally with the help of special services, supported by the cybercriminals.