Code-hosting provider, Code Spaces, forced to cease trading after the latest Ransomware attack

Where does the biggest threat to corporate cyber-security lie? Well, in the opinion of Patrick Thomas, security consultant at Neohapsis, it’s in the cloud and in the recent upsurge in targeted Ransomware attacks, the latest of which has effectively wiped out code hosting and software collaboration platform, Code Spaces. The company which is based in Coventry was forced to shut down operations after an attacker compromised its internal system and deleted its customer’s data and backups. Speaking to Information Week, Mr Thomas said the recent cyber-attack on Code Spaces clearly demonstrated the vulnerability of the cloud when it came to the storage of critical information. He has warned of further attacks should businesses not take adequate precautions to ensure the safety of their sensitive data.

So, what happened to Code Spaces? Well, a hacker was able to access Code Spaces’ Amazon EC2 control panel and the company was forced to shut downafter much of its data, backups, machine configurations, and offsite backups were erased. What compounded matters and made the situation more embarrassing for the company is that Code Spaces has built its reputation on security and invulnerability, claiming to offer “rock solid, secure and affordable Svn Hosting, Git Hosting and Project Management.” Now the company has been forced to offer a contrite apology to its customers and close down its services. A message on its homepage read:

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility. As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

The devastating security breach took place on June 17. During a 12 hour period a DDoS attack was launched, followed by an attempt to extort money from the company.  The attacker also had gained unauthorized access to the control panel for the company’s Amazon Web Service account (AWS) Elastic Compute Cloud (EC2) console and left extortion demands for the company officials along with a Hotmail address they were supposed to use to contact the attackers. Contacting the address led to an extortion demand, and triggered a devastating chain of events that the company could do little to control. Although Code Spaces administrators tried to deal with the problem, they quickly found that there was little they could do to limit the damage. In its statement Code Spaces stated:

“At this point we took action to take control back of our panel by changing passwords, however the intruder had prepared for this and had already created a number of backup logins to the panel and upon seeing us make the attempted recovery of the account he proceeded to randomly delete artefacts from the panel. We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances.

So what are the implications of this latest Ransomware attack? What it will mean for other businesses? Well, in the opinion of Patrick Thomas, if nothing else this attack should certainly act as a stark reminder that businesses must look to proactively safeguard their own information and not rely on other to do it for them. He told Information Week:

This is a wakeup call to other organisations that have critical assets on cloud services. Two-factor authentication and detailed event monitoring and alerting are essential components of any cloud strategy.”

“Offsite backups have been considered a necessary operating procedure for any sensitive data, but in the age of cloud infrastructure many organisations think that they can simply pass the buck on backups, getting their geographic distribution and redundancy for free as part of going to the cloud. However, anything that’s vulnerable to the same threats isn’t fulfilling the original intent of offsite backups. Perhaps it makes more sense to start talking in terms of diversified backups, to emphasize the broad types of threats that a backup strategy must mitigate.”

If you are concerned about the escalating security challenges facing your small business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping you assess your security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services.We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.

Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected]