Dieser Artikel ist auf Deutsch verfügbar: http://tcadistribution.wordpress.com/2014/07/01/wie-cyberangriffe-auch-ihrem-unternehmen-schaden-konnen/
We’ve learned after the Code Spaces incident that started as a DDOS, continued with hacking and then blackmailing that cyberattacks are not something one should ignore. The long story of CodeSpaces put short was: a hacker started a DDOS on the company’s website and services. Nothing unusual, just another attack, thought the company. Later on, probably the same person, breached into world-wide distributed Amazon EC2 where the assets of the company were stored and got access to its control panel. The attacker left messages trying to extort a large fee in order to resolve the DDOS. When the company refused to pay, the attacker started to randomly delete settings, data, backups, virtual machines. Customer data included. All these happened in less than 12 hours. At the end of this time, the company was faced with a close to total loss of data and was forced to throw the towel. They had shut down the operation since they weren’t able to serve their customers anymore. But there is more than not being able to service the customers.
Code Spaces will not be able to operate anymore beyond this point because, the cost of resolving this issue and the expected cost of refunding customers who have been left without the service they paid for, will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility. So, they lost not only data and money, they lost their customers’ trust in them. No customers means no reason for a business to exist. This led the company to close and sooner or later all its employees are going to be forced to search for new jobs.
Myths vs. Reality
If you think “This can’t happen exactly to me”, then you are just one of the many who believes in a myth. Reality is that just like CodeSpaces, you will be eventually disappointed.
Continue to read on if you don’t want to end up as CodeSpaces.
What should you do?
Reduce the impact of a DDOS
That there is nothing you can do to prevent a DDOS, but there are ways to reduce the impact of a DDOS. There are services that either redirect the traffic to their cloud infrastructure or install an appliance in your infrastructure so that they can differentiate between valid traffic and DOS traffic in order to deliver valid content to your real users. Here is a review of the most well-known services. DDOS mitigation services are like insurances – you pay for them, with the hope that you never have to use them – but when something happens, you want to be fully covered. Be sure to let yourself advised by experts when choosing such a service. In general, these services come customized for companies depending on their size and their traffic.
Avoid being hacked
There is a lot of literature around this subject, so it is not possible to go deep into the details. However, there are a couple of things which have to be kept in mind:
- Be careful who you trust – many hacks are done with information from within the company. The information was either obtained from ex-employees or from disgruntled employees or using watering hole attacks and phishing. Give everyone the exact amount of information they need to do their job in an effective way.
- Secure your internal and external infrastructure – install security software on your internal devices (computers, servers, laptops, mobile devices) and on the gateways (mail server, webserver, ftp server).
- Regularly perform security audits on the systems that are exposed to the exterior: websites, web services, other software.
- Create a patch management policy – many attacks these days are using known exploits in popular software like web browsers, mail clients, Java and Adobe. Through specially crafted documents or websites an attacker can gain privileged access to your network.
- Educate your employees in respect to IT security – no matter how many security solutions you install, the last barrier between your secrets and the outside world are the employees. Here you can find a lot of useful resources on how to improve your security.
- Never store sensitive data not encrypted. I specifically wrote “not encrypted” and not “in plain text” just to emphasize In this category enter passwords, financial information, social security numbers and others alike.
- Create a security incident response team (SIRT) and empower it to take decisions in regards to processes and communication.
Avoid losing all data
Make off-site backups. Do not think that by using the globally distributed infrastructure of Amazon you have a distributed backup system. An offsite-backup must not be susceptible to the same dangers as the original that is being secured. In this case, the company CodeSpaces was counting on Amazon’s EC2 distributed servers to have a backup, but all these servers all controlled from the same control panel. Once the hacker got access to that and started to erase the data, he erased it from all instances, no matter where they were in the world. The real solution is to have a proper full backup hosted in a remote site which is not controlled by the same entities that control the source. Only this way it is possible to recover the data in case of problems.
Be proactive in communication
Even if you did everything what is feasible and you still got in trouble, it is important to make the best out of it. This means that you have to present the facts, explain what was compromised and what didn’t, offer refunds to the customers who want it. Don’t hide behind complicated press releases and lawyers because this usually means that you have something to hide. Being open shows your customers and users that you care about them and about their concerns. Always say what you’ve learnt from this incident and what other measures you’ll take in the future so that you can potentially prevent something like this.
© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch