When the team attempted to regain sole control of the panel, the hacker retaliated by randomly deleting artifacts from it. When the dust finally settled, much of the online storage volumes and machine images, and all backups and snapshots, had been deleted. With no way to recover this deleted data — Amazon leaves the onus for backup entirely to its users — Code Spaces said it was unable to continue operating.
Aside from the obvious elephants in the room — not enabling Amazon's multi-factor authentication coupled with the high likelihood of poor password hygiene — the other learning point is the importance of offline backups, or at least backups that aren't within reach of an armchair hacker or malicious employee. It's not known if customers lost their code for good, but this is another somber reminder not to rely on the promise of a cloud service provider when it comes to data backup. Take care of it yourself.
Beware Attackers Stealing Your Domain Name
There's money to be made stealing the domain name of an established small businesses, as full-time lifestyle blogger Jordan Reid discovered earlier this year after forking over $30,000 to buy back her own domain name. A cyber thief had used the email confirmation system of Web host HostMonster to steal the domain from Reid and then transferred the domain into a private account at GoDaddy.
A family friend chanced upon an unknown user selling the domain name on an online auction site and alerted Reid. The matter was at a deadlock, however, despite multiple frantic conversations with both parties: GoDaddy said it couldn't help, and HostMonster refused to initiate a transfer dispute to get the domain back, in an apparent bid to avoid admitting liability.
Ultimately, Reid took matters into her own hands by getting a friend to purchase the domain from the hacker. Once she had the domain back in her hands, she transferred it out and successfully ordered a halt to the wire transfer payment. In a nutshell, she avoided what's likely to be an expensive and protracted lawsuit by cheating on the cybercriminal.
Moral of the story? Your domain names are probably much more valuable than you believe they are, and it's not be as straightforward as you imagine to regain control them should they be stolen. Don't forget, too, that control of a domain lets an attacker intercept all emails by modifying the MX record to point to its own servers. Rather than bemoan the loss of domains after the fact, small businesses should secure them appropriately.
Protect Your Small Business With Authentication, Backup
Drawing from the above security incidents, here are four steps that small businesses can take to protect themselves from hackers. They're not exhaustive, but they should be practical and simple to implement. The idea here is to raise the bar to stymie hackers and social engineers enough that they move on to target other potential victims instead.
Sign up for CIO Asia eNewsletters.