Cyber attacks and ransomware can destroy unprepared businesses
It's more important than ever for businesses to protect themselves, even when their resources are cloud-based.

Computers have ushered in the modern digital age, and today just about every business relies on them for data storage, information processing, general communication and other business-critical functions.

Which is why, when disaster strikes and malware infects those critical systems or cyber attacks take them offline (or delete them entirely), businesses are at risk of collapsing entirely. And malware is only getting more vicious.

Ransomware is a relatively new type of malware that encrypts vital data on infected systems, and then demands some form of payment to unlock it. As criminals have learned to target business-critical systems and businesses are often unprepared to deal with the malware, it’s often just easier for businesses to give in and pay the ransom.

Law firms targeted

For example, the InfoSec Institute has noted an increased number of focused ransomware attacks on law firms; cyber criminals choose their targets based on the cases they know specific firms are working on, and which are due to go to court soon.

The idea is to infect the computers that contain vital information about those cases with ransomware, and because the lawyers are under serious deadline pressure, they are more inclined to pay the ransom.

In the event that businesses choose not to pay and attempt to deal with the ransomware on their own, the downtime required to sort the problem out impacts on performance, plus businesses run the risk of losing that encrypted data altogether, as decrypting data you don’t have the key to is next to impossible.

Worse, even if payment is made, there is no guarantee the cybercriminals will remain true to their word and actually supply the decryption key. It’s a gamble, either way.

Business-crippling

Regardless of how businesses choose to handle the situation, their bottom lines will be impacted by such an occurrence. This can potentially cripple businesses or even lead to them shutting up shop entirely.

Jon Tullett, research manager for IT services at IDC Africa, told a group of journalists at a cloud security briefing recently that 60% of all companies who experience some sort of “data disaster” close their doors within six months of the incident taking place.

He added that with 390 000 estimated new malware strains being reported daily, the chance of it happening to a business near you is only increasing.

Code Spaces

One of the most famous examples of a cyber attack taking down a company is that of Code Spaces, a US-based Software as a Service company that provided developers with cloud-based source code repositories and project management services using Git and Subversion.

Back in 2014, Code Spaces had been around for seven years and was doing well. But you won’t hear anything from them today, because the company closed down after being compromised by hackers.

And it wasn’t a dramatic hack, either – no servers were hacked and no data was stolen. Instead, the attacker gained access to Code Spaces’ cloud control panel and demanded money for the return of control back to the company. The company refused and instead tried to wrestle control back; on detecting this, the attacker simply started deleting resources.

By the time Code Spaces regained access to their control panel, the damage had been done. A message on their website read: “We finally managed to get our panel access back but not before [the attacker] had removed all EBS snapshots, S3 buckets, all AMIs, some EBS instances, and several machine instances.”

And while they had backups, those backups were accessible from the same control panel the attacker gained access to, and were thus easy to delete alongside the company’s infrastructure and much of their data.

Despite not losing all of their data, six months after the attack, Code Spaces was no more.

This is what you find today when you go to codespaces.com.

Code Spaces essentially didn’t follow several security best practices:

  • Two-factor authentication by way of key fob was not present on admin accounts that had access to the cloud control panel.
  • There was little (or no) role-based management, and thus deleting backups was not limited to a single account – anyone with access could do it.
  • They didn’t heed the backup admin’s golden 1-2-3 rule, which requires three copies of any piece of data to be on two different media, with one offsite.
  • All backups were accessible from just one control panel, providing a single point of failure.
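
The four lessons above, written as checks over a small inventory. This is an added example, not from the original article or from Code Spaces: the principals and backup copies are constructed, the policy statements follow the AWS IAM JSON shape, and the field names `media`, `offsite` and `control_plane` are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Delete actions covering what the quoted message lists: snapshots, AMIs, buckets, instances.
DESTRUCTIVE = ("ec2:DeleteSnapshot", "ec2:DeregisterImage", "ec2:DeleteVolume",
               "ec2:TerminateInstances", "s3:DeleteBucket", "s3:DeleteObject")

def delete_grants(statements):
    """Yield MFA-required? per Allow statement granting a delete (simplified: ignores Deny/Resource)."""
    for st in statements:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        hit = any(fnmatchcase(d.lower(), a.lower()) for a in actions for d in DESTRUCTIVE)
        if st.get("Effect") == "Allow" and hit:
            cond = st.get("Condition", {}).get("Bool", {})
            yield cond.get("aws:MultiFactorAuthPresent") == "true"

def audit(principals, copies):
    """Return findings for the four lessons: MFA, role separation, copy rule, single panel."""
    findings = []
    deleters = {n: list(delete_grants(s)) for n, s in principals.items()}
    deleters = {n: g for n, g in deleters.items() if g}
    for name, grants in sorted(deleters.items()):
        if not all(grants):
            findings.append(f"{name}: destructive actions allowed without MFA")
    if len(deleters) > 1:
        findings.append("delete rights held by more than one account")
    if len(copies) < 3:
        findings.append("fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        findings.append("fewer than two media types")
    if not any(c["offsite"] for c in copies):
        findings.append("no offsite copy")
    if len({c["control_plane"] for c in copies}) < 2:
        findings.append("all copies reachable from one control panel")
    return findings

# Constructed inventory (not real data): a flat setup like the one described above.
WEAK_PRINCIPALS = {
    "admin": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    "developer": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}],
}
WEAK_COPIES = [{"media": "cloud", "offsite": False, "control_plane": "prod-account"},
               {"media": "cloud", "offsite": False, "control_plane": "prod-account"}]
# Constructed hardened variant: one MFA-gated backup role, third copy offsite elsewhere.
HARDENED_PRINCIPALS = {
    "backup-admin": [{"Effect": "Allow", "Action": ["ec2:DeleteSnapshot", "s3:DeleteObject"],
                      "Resource": "*",
                      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}],
    "developer": [{"Effect": "Allow", "Action": ["ec2:Describe*", "s3:GetObject"], "Resource": "*"}],
}
HARDENED_COPIES = WEAK_COPIES + [{"media": "tape", "offsite": True, "control_plane": "vault"}]
```

Calling `audit(WEAK_PRINCIPALS, WEAK_COPIES)` returns one finding per lesson violated, while the hardened inventory returns an empty list.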

Protection is vital

Taking those lessons into account, it’s clear that it’s more important than ever for businesses to protect themselves by following best practices when it comes to access control, general security and backup strategies, even (or especially) when their resources are cloud-based.

Even though modern cloud security is incredibly robust and there are options aplenty, there’s still work to be done by every company to ensure those security options and best practices are being appropriately implemented, and policies enforced.

Attacks from within an organisation are particularly dangerous, as without the proper measures in place to limit individual account access to critical resources, considerable damage can be done by determined attackers, as Code Spaces experienced.

Thwarting cyber attacks

External attacks are somewhat easier to deal with, but still a major challenge. Nico Goodall from Tarsus SecureData says that thwarting cyber attacks requires “…a multi-pronged strategy that involves robust network security protocols, on-device security solutions, end-user education around security best practices, and in the worst case scenario of a successful infection, having a plan in place for dealing with the problem.”

Goodall added that Tarsus SecureData offers several products and services designed to meet the stringent security needs of the modern enterprise, covering every end point that could potentially allow malware to enter the corporate network.

SecureData provides the following services to local businesses looking to secure their data, networks and devices against external cyber threats:

  • Network Design
  • Compliance auditing
  • Architecture and Analysis
  • Integration and compatibility testing
  • Forensics
  • Performance Testing
  • Migration
  • Knowledge Transfer
  • End-user education and best-practice consulting

When it comes to malware-based attacks and ransomware, prevention is always better than looking for a cure after the fact.

Therefore, it’s up to local businesses to do what they can to protect their IT environments, including their cloud-based resources, in order to minimise the chances of a business-ending attack from taking place.

 
