Serverless computing continues to grow as cloud consumers expand their use of technologies like AWS Lambda and Google Cloud Functions. Serverless functions are ephemeral by nature, which creates not only a paradigm shift in application architecture, but also strengthens application security as well.
It’s tempting to imagine that this ephemerality will do away with the risk of botnets in the cloud environment. In a statement that is highly unlikely to surprise you, the truth is that serverless apps aren’t entirely impervious to botnets. While it may at first seem that serverless functions, with their short lifespan, are not candidates for creating a useful botnet, attackers, like nature, find a way.
In this report, we show that not only is it possible to create long lived botnets out of short lived functions, but that serverless functions have some distinct advantages to the bot herders and if left unchecked we can expect serverless functions to become prime targets for building botnets.
As shown in the below video, we built a prototype serverless botnet on Google Cloud Functions platform. The goal of this prototype is to demonstrate the viability of this approach and explore design choices that attackers might make. This sort of attack can be carried out in more or less the same way on all private and public cloud infrastructures.
Read the report for further details, including the basic design principle of a serverless botnet, and watch the video to see it in action.
Rather than being made obsolete by serverless, botnets may actually thrive in this environment. Clever botnet design may even persist longer by testing limits, then staying just under the radar.
Botnets can have various impacts to a cloud customer’s liability, degradation of service, and cost.
Read the report to learn the three key components required to prevent your infrastructure from becoming part of a botnet. Protego recently launched the first comprehensive serverless security platform that addresses these security needs in a single, holistic, code-driven solution. Sign up today for the free version or request a personalized demo.
To see the attack in action, watch the below brief video.