Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Code Spaces shuts down after being hit with a DDoS attack and then having its sensitive data deleted.

Code Spaces recently became one of the roughly 60 percent of small businesses that fold within six months of experiencing a cyber attack.

It began on Tuesday when the code hosting and project management services provider experienced a “well orchestrated” distributed denial-of-service (DDoS) attack against its servers, according to a post on the website.

Code Spaces then learned that unauthorized access was gained to its Amazon Elastic Compute Cloud (EC2) control panel, according to the post. The attacker left messages behind seeking communications via a Hotmail address.

As with several other recent extortion-based DDoS attacks, the attackers told Code Spaces that a “large fee” would resolve the issue.

Code Spaces moved to change its passwords, but the attacker had created backup logins and began "randomly" deleting artifacts from the panel, including most of Code Spaces' data, backups, machine configurations and offsite backups, according to the post.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” according to the post.

In a Thursday email correspondence, Ofer Hendler, CEO of cloud security company Skyfence, said that he believes the attack was made possible because an administrator's credentials were compromised – likely in a phishing attack.

“This incident is a not-so-subtle reminder that security controls to monitor and manage privileged access need to be taken just as seriously in the cloud as they are in the data center,” Hendler said. “That means limiting access to sensitive systems and data, both IT and business applications, to only those that need it.”

Multifactor authentication offers one way to help prevent these types of incidents from occurring, Hendler said, adding that organizations should also use technology that monitors and controls privileged commands executed by administrators in cloud apps.

“This will allow a company to know who made changes, including changes to security settings,” Hendler said. “In addition, some level of separation of duties should be enforced by controlling the actions that individual administrators can perform. This could have helped prevent this type of breach.”
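As an illustration of the monitoring Hendler describes, the following added example (not from the article, Code Spaces or Skyfence) reviews audit records for the two behaviors reported in this incident: creation of additional logins and deletions performed without multifactor authentication. It assumes records in AWS CloudTrail's JSON layout; the sample records, timestamps and user names are constructed, and 111122223333 is a placeholder account ID.

```python
import json
from collections import Counter

# AWS API event names that add another way to sign in to the account.
NEW_LOGIN = {"CreateUser", "CreateAccessKey", "CreateLoginProfile"}
# AWS API event names that destroy instances, volumes, snapshots or images.
DESTRUCTIVE = {"TerminateInstances", "DeleteVolume", "DeleteSnapshot", "DeregisterImage"}

def record(time, name, user, mfa=None):
    """Build one constructed record using CloudTrail field names."""
    identity = {"arn": f"arn:aws:iam::111122223333:user/{user}"}
    if mfa is not None:  # access-key calls carry no sessionContext at all
        identity["sessionContext"] = {"attributes": {"mfaAuthenticated": mfa}}
    return json.dumps({"eventTime": time, "eventName": name, "userIdentity": identity})

# Constructed sample log: hypothetical users, invented timestamps.
SAMPLE = [
    record("2000-01-01T10:00:00Z", "DescribeInstances", "admin", "false"),
    record("2000-01-01T10:02:00Z", "CreateUser", "admin", "false"),
    record("2000-01-01T10:03:00Z", "CreateAccessKey", "admin", "false"),
    record("2000-01-01T11:00:00Z", "DeleteSnapshot", "backup-login"),
    record("2000-01-01T11:01:00Z", "TerminateInstances", "backup-login"),
    record("2000-01-01T12:00:00Z", "DeleteVolume", "ops", "true"),
]

def used_mfa(event):
    """True only when the session explicitly records MFA; absence counts as no MFA."""
    ctx = event["userIdentity"].get("sessionContext", {})
    return ctx.get("attributes", {}).get("mfaAuthenticated") == "true"

def review(lines):
    """Return (findings, count of no-MFA deletions per principal)."""
    findings, deletes = [], Counter()
    for line in lines:
        event = json.loads(line)
        who, name = event["userIdentity"]["arn"], event["eventName"]
        if name in NEW_LOGIN:
            findings.append((event["eventTime"], who, name, "new login created"))
        elif name in DESTRUCTIVE and not used_mfa(event):
            deletes[who] += 1
            findings.append((event["eventTime"], who, name, "deletion without MFA"))
    return findings, deletes

if __name__ == "__main__":
    findings, deletes = review(SAMPLE)
    for finding in findings:
        print(*finding, sep="  ")
    for who, count in deletes.items():
        print(f"{who}: {count} deletions without MFA")
```

The MFA-authenticated deletion by the `ops` user is not flagged, while every login creation is reported regardless of MFA so that a second administrator can confirm it.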
