Cyberattack puts provider out of business: 3 lessons learned

The news came recently that hackers had successfully taken down an entire company with a well-crafted cyberattack. And while the prospect of losing your business to hackers is frightening enough for IT pros, that’s only one of the many serious consequences this incident has for IT.

Code Spaces was a cloud-based code-hosting firm until sometime last week, when hackers launched a Denial of Service (DoS) attack against it. The attackers demanded a ransom to stop the attack, a type of extortion that seems to be gaining in popularity.

But the real trouble came when Code Spaces realized that the hackers had gained control of the company’s Amazon Web Services (AWS) account and Elastic Compute Cloud console.

The attackers began deleting files, images and backups. As Code Spaces put it, “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

Code Spaces is working to recover files for its customers so they can move them to other sites, but has revealed the damage was so severe it won’t be able to re-open.

Lesson 1: Ask providers about backup measures

Every company will of course tout its security features. But the description of Code Spaces’ security from its own site seems especially suspect following the attack:

“Backing up data is one thing, but it is meaningless without a recovery plan, not only that [but also] a recovery plan—and one that is well-practiced and proven to work time and time again. Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”

In retrospect, there were serious flaws with their backups. The fact that the hackers were able to delete these backups more than likely means they were stored in the same place as the originals – hardly a foolproof recovery plan.

Make sure you press hosts and vendors for details on how they will actually secure and back up files. Redundancies and off-site backups should be a must. Otherwise, recovery is far from guaranteed.

If nothing else, this shows that a single provider for your cloud needs could turn out to be a huge mistake.

Lesson 2: Be prepared for ransomware

Attackers are going to keep going with what works. And right now, it seems like ransomware and bribery are working just fine for them.

It was recently revealed that other cloud services came under DoS attacks and refused to pay. In those cases, the attacks were handled with minimal disruptions.

Another recent revelation, however, found that Nokia once paid millions in bribes to hackers who got off scot-free. It’s unlikely that they were the only company to ever make a payoff (many probably just keep these secret).

Most experts agree the smart move is to not give in to demands. There’s no guarantee that if you pay, the attacks will stop or that hackers won’t come back asking for a little more. Or a lot more.

Still, your company should have plans and procedures in place for what would happen if that email demanding a payoff ever comes.

Lesson 3: 100% in the cloud is still too optimistic

With each passing day, companies are getting more and more OK with the idea of putting files in the cloud. But recent events like these might be a call to rethink just what’s going off-site.

True, there are risks with on-site storage as well. Anyone can become a victim of hacking, whether it’s a major cloud provider or a small business. And these providers likely have security resources that put them slightly ahead of what can be done in-house affordably and practically.

But putting the kind of information that could be the difference between staying in business or closing down for good in someone else’s hands should at least give businesses pause.

Make sure your company has policies on what can and can’t be trusted to the cloud.

And encrypt everything that you’d be uncomfortable losing in a leak.