Cris Danci

Code Space, a leason in cloud security

Discussion created by Cris Danci on Jun 20, 2014
Latest reply on Jul 29, 2014 by Cris Danci

I recently read a short article about Code Space's demise (Hacker Puts Code Spaces Out of Business) that I think holds an important lesson for everyone venturing into the cloud.  While being attacked on the cloud is nothing new, this case is particularly interesting because the consumer (Code Space) was comprised of highly technical individuals and the attack vector wasn't focused on a software on operating system vulnerability.  The attack vector used was access to the management console (most likely obtained by stealing the password through a key logger or some kind of man-in-the-middle interception).  While this attack vector is nothing new, it is easily blocked in private infrastructure models (traditional or cloud), by simply isolating management traffic to a network segments (generally VLANs) and securing by limiting access.  With the public cloud this generally isn't viable because of its ubiquitous nature.


It will be interesting to see if this is an isolated incident or just the beginning.  If a trend does form, it won't be long before cyber criminals are adding cyber extortion to their black market offerings.  It will be interesting to see how organisations and cloud vendors deal with the challenges,