Tag Archives: Cloud PROVIDERS

Yet Another Hosting Provider Hit By Ransomware Attack

SmarterASP.net, a web hosting provider with over 400,000 customers, was infected by ransomware over the weekend.

They are at least the third provider to be hit by such an attack.

Affected user web sites are down and the company’s website was also down.

Customers logging in might see a directory listing that looks like this

The encrypted files have the extension kjhbx, except for the ransom note below:

The company has not returned calls so it is unclear if they paid the ransom or are restoring from backups.

If this is like the previous hosting provider attacks, it will likely take weeks for them to restore all the data – if it all can be restored.

A2Hosting and iNSYNQ are two other hosting providers that were attacked earlier this year.

In 2017 South Korean hosting provider Nayana paid a ransom of over $1 million after they were attacked.

Hackers understand that if they can get a hosting provider to pay, the payday is likely a lot larger than attacking you or me.  As a result, attacks against cloud service providers are likely going to continue.

There is no obvious notice on the company’s homepage of the attack and for good reason – it is not terribly good for business.  They are likely hoping that this disappears off the radar and they can continue signing up customers.  There is a note buried on the support site, here.  It says don’t bother to call us or email us, we are kind of busy right now.

So what does this mean for you?

First of all, check your cloud provider’s contract that you signed – either without reading it or without caring.  It probably says that they will not charge you while your web site is down.  Beyond that, you are likely on your own.  Maybe your contract is different, but I doubt it.

You can try suing them for damages, but in light of the contract, that probably will go nowhere.

*IF* you have cyber risk insurance WITH network business interruption coverage, you will probably be able to collect on your policy, but only if you have that coverage.

From some of the earlier attacks, it took the providers *WEEKS* to recover all the data – if they were able to recover it at all.

ARE YOU OKAY WITH YOUR WEB SITE BEING DOWN FOR A COUPLE OF WEEKS?

ARE YOU OKAY WITH SOME OTHER CLOUD SERVICE PROVIDER THAT IS KEY TO YOUR BUSINESS BEING DOWN FOR A COUPLE OF WEEKS?

ARE YOU OKAY WITH LOSING SOME OR ALL OF YOUR DATA FOREVER?

Assuming the answer to these questions is no, it is up to you to figure out a business continuity plan.  Assuming your data is permanently gone, it is up to you to figure out what to do.

We have read stories of some companies going out of business after one of these attacks because customers fled or they lost all of their data.  These are the minority, but it does happen.

Plan for it now because dealing with it after the fact is no fun.

AND, your cloud service provider is likely not liable, other than not charging you for the service that you are not getting.

Information for this post came from ZDNet.

Government Employee Use Of Underground IT 10 Times Private Sector

Skyhigh Networks, a cloud security product vendor, did an analysis of data from government employees on cloud service usage.

They say that the average public sector organization uses 742 cloud services, of which 60 are sanctioned.  That means that the typical organization uses 682 services that no one has looked at the security of – or approved the usage for government data – even though there are laws that make this practice illegal.

Skyhigh analyzed 10,000 cloud services and found that only 10% of them encrypt their data at rest.  The rest are waiting to be the next Office Of Personnel Management.

Only 15% support two-factor authentication – one of the particular hot buttons addressed by Executive Branch CIO Tony Scott in the cyber-security “sprint” after the OPM breach.

And only 6% have an ISO 27001 security certification.

The report has a number of additional data points, but I will highlight only one more –

They did a survey with the Cloud Security Alliance and found that 7% of the IT and IT security professionals said that their organization had experienced an insider threat incident in the last 12 months.  However, looking at anomaly detection data, 82% of the organizations had behavior indicative of an insider threat in the last quarter alone.

What this means is that 75% of the organizations are clueless that their data may be being stolen.  That is not a great stat.

While this study is geared around the government, the private sector is probably not a lot better.  In many organizations, when it comes to the cloud, they just look the other way and cross their fingers.  It is just a matter of time before one of the big cloud providers gets hacked.  If successful, the hackers get a treasure trove from thousands or millions of companies.

Skyhigh’s press release can be found here.