Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Code Spaces shuts down after being hit with a DDoS attack and then having its sensitive data deleted.

Code Spaces recently became one of the roughly 60 percent of small businesses that fold within six months of experiencing a cyber attack.

It began on Tuesday when the code hosting and project management services provider experienced a “well orchestrated” distributed denial-of-service (DDoS) attack against its servers, according to a post on the website.

Code Spaces then learned that unauthorized access was gained to its Amazon Elastic Compute Cloud (EC2) control panel, according to the post. The attacker left messages behind seeking communications via a Hotmail address.

As with several other recent extortion-based DDoS attacks, the attackers told Code Spaces that a “large fee” would resolve the issue.

Code Spaces moved to change its passwords, but the attacker had created backup logins and began "randomly" deleting artifacts from the panel, including most of Code Spaces' data, backups, machine configurations and offsite backups, according to the post.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” according to the post.

In a Thursday email correspondence, Ofer Hendler, CEO of cloud security company Skyfence, told SC Magazine that he believes the attack was made possible because an administrator's credentials were compromised, likely in a phishing attack.

“This incident is a not-so-subtle reminder that security controls to monitor and manage privileged access need to be taken just as seriously in the cloud as they are in the data center,” Hendler said. “That means limiting access to sensitive systems and data, both IT and business applications, to only those that need it.”

Multifactor authentication offers one way to help prevent these types of incidents from occurring, Hendler said, adding that organizations should also use technology that monitors and controls privileged commands executed by administrators in cloud apps.

“This will allow a company to know who made changes, including changes to security settings,” Hendler said. “In addition, some level of separation of duties should be enforced by controlling the actions that individual administrators can perform. This could have helped prevent this type of breach.”
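The monitoring Hendler describes can be sketched as a check over cloud audit records. This is an added example, not code from the article or from Code Spaces; it assumes records shaped like AWS CloudTrail events, and the sample users, times and thresholds are hypothetical. It flags the two behaviors the post reports: new logins created from a session without MFA, and a burst of deletions by one account.

```python
from datetime import datetime, timedelta

CREDENTIAL_EVENTS = {"CreateUser", "CreateAccessKey", "CreateLoginProfile"}
DESTRUCTIVE_EVENTS = {"TerminateInstances", "DeleteSnapshot", "DeleteVolume", "DeregisterImage"}

def ev(time, name, user, mfa="false"):
    """Build one constructed record shaped like a CloudTrail event."""
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}",
                             "sessionContext": {"attributes": {"mfaAuthenticated": mfa}}}}

# Constructed sample data (hypothetical users and times), not logs from the incident.
SAMPLE_EVENTS = [
    ev("2020-01-01T10:00:00Z", "CreateUser", "admin"),
    ev("2020-01-01T10:01:00Z", "CreateAccessKey", "admin"),
    ev("2020-01-01T10:30:00Z", "TerminateInstances", "ops", mfa="true"),
    ev("2020-01-01T11:00:00Z", "DeleteSnapshot", "backup2"),
    ev("2020-01-01T11:02:00Z", "DeleteVolume", "backup2"),
    ev("2020-01-01T11:03:00Z", "TerminateInstances", "backup2"),
]

def used_mfa(event):
    # A missing sessionContext (e.g. long-term access keys) counts as no MFA.
    ctx = event.get("userIdentity", {}).get("sessionContext", {})
    return ctx.get("attributes", {}).get("mfaAuthenticated") == "true"

def find_alerts(events, window=timedelta(hours=1), burst=3):
    """Return (rule, principal ARN, event name) tuples in time order."""
    alerts, deletions = [], {}  # deletions: ARN -> recent destructive call times
    for event in sorted(events, key=lambda e: e["eventTime"]):
        who, name = event["userIdentity"]["arn"], event["eventName"]
        when = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if name in CREDENTIAL_EVENTS and not used_mfa(event):
            # New logins or keys created from a session without MFA.
            alerts.append(("credential-created-without-mfa", who, name))
        elif name in DESTRUCTIVE_EVENTS:
            recent = [t for t in deletions.get(who, []) if when - t <= window]
            recent.append(when)
            deletions[who] = recent
            if len(recent) == burst:  # alert when the count reaches the threshold
                alerts.append(("destructive-burst", who, name))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

The single MFA-backed termination by the `ops` user produces no alert, while the three deletions by `backup2` within an hour do.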
