A “well orchestrated DDoS” attack put code-hosting domain Code Spaces down this week.
In a statement, Code Spaces said that the denial-of-service attack was launched against it on Tuesday of this week, which is normally overcome, but “on this occasion however the DDOS was just the start”.
Pointing at an “unauthorised” person, who gained access to its Amazon EC2 control panel and left a number of messages for Code Space to contact them using a Hotmail address, that person then tried to extort a large fee in order to resolve the DdoS.
It said: “Upon realisation that somebody had access to our control panel we started to investigate how access had been gained and what access that person had to the data in our systems, it became clear that so far no machine access had been achieved due to the intruder not having our Private Keys.”
It is said that the situation was resolved eventually, but most of its data, backups, machine configurations and offsite backups were either partially or completely deleted. This included all backups and snapshots of all Git repositories, and all Code Spaces machines which have also been deleted, except some old svn nodes and one git node.
It said that the incident will mean that Code Spaces will not be able to operate beyond this point, as the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position, both financially and in terms of ongoing credibility.
“As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us,” it said.
“All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that led us here. On behalf of everyone at Code Spaces, please accept our sincere apologies for the inconvenience this has caused to you, and we ask for your understanding during this time! We hope that one day we will be able to reinstate the service and credibility that Code Spaces once had.”
Commenting, Patrick Thomas, security consultant for Neohapsis, said: “For companies that use cloud services as a critical part of their business, this is the nightmare scenario. This is a wakeup call to other organizations that have critical assets on cloud services.
“Based on the limited data on their site and typical attacker behavior, it is likely that the initial point of entry involved a phishing attack against users with access to cloud service credentials. Offsite backups have been considered a necessary operating procedure for any sensitive data, but in the age of cloud infrastructure many organizations think that they can simply pass the buck on backups, getting their geographic distribution and redundancy ‘for free’ as part of going to the cloud.
He said that this should serve as a marker for businesses to look at this event and decide how it could possibly play out against their organization. “Gaining a full picture of this type of risk requires commitment from the highest levels of the organization, and coordinated efforts between documented and tested internal controls, active red teaming, and real incident response drills.”
Steve Hultquist, CIO/VP customer success at RedSeal Networks, said: “It’s obvious that attacks are getting more brazen, and will occur without warning. Given the complexity of the systems and networks that support an enterprise, designing for security and then con
tinuously monitoring the infrastructure to make sure that it accurately implements the security architecture is mission critical. As we have seen from Code Spaces, an attack can destroy a company.”