Threat Management, Incident Response, TDR

Code Spaces shuts down following DDoS extortion, deletion of sensitive data

Code Spaces recently became one of the roughly 60 percent of small businesses that fold within six months of experiencing a cyber attack.

It began on Tuesday when the code hosting and project management services provider experienced a “well orchestrated” distributed denial-of-service (DDoS) attack against its servers, according to a post on the website.

Code Spaces then learned that unauthorized access was gained to its Amazon Elastic Compute Cloud (EC2) control panel, according to the post. The attacker left messages behind seeking communications via a Hotmail address.

As with several other recent extortion-based DDoS attacks, the attackers told Code Spaces that a “large fee” would resolve the issue.

Code Spaces moved to change its passwords, but the attacker had created backup logins and began "randomly" deleting artifacts from the panel, including most of Code Spaces' data, backups, machine configurations and offsite backups, according to the post.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of ongoing credibility,” according to the post.

In a Thursday email correspondence, Ofer Hendler, CEO of cloud security company Skyfence, told that he believes the attack was made possible because an administrator's credentials were compromised – likely in a phishing attack.

“This incident is a not-so-subtle reminder that security controls to monitor and manage privileged access need to be taken just as seriously in the cloud as they are in the data center,” Hendler said. “That means limiting access to sensitive systems and data, both IT and business applications, to only those that need it.”

Multifactor authentication offers one way to help prevent these types of incidents from occurring, Hendler said, adding that organizations should also use technology that monitors and controls privileged commands executed by administrators in cloud apps.

“This will allow a company to know who made changes, including changes to security settings,” Hendler said. “In addition, some level of separation of duties should be enforced by controlling the actions that individual administrators can perform. This could have helped prevent this type of breach.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.