If you haven’t read about the Code Spaces incident, you may want to learn from their harsh story. It’s a sad story that could happen to your company if you are not careful enough.
Please take the time to read, or at least skim, the story on their website’s front page:
I saved a copy in PDF format, in case they remove it from the site.
A little TL;DR about what happened.
Code Spaces was a commercial code-hosting service (SVN) that relied on Amazon’s cloud services for storage, servers and pretty much everything else.
One day they found themselves under a DDoS attack and started to investigate. When they logged in to their AWS dashboard they saw an unauthorised account, and the attacker had left a few messages (I’m guessing extortion). Once they tried to contact him, all hell broke loose: the attacker deleted all of their server snapshots, AMIs, S3 buckets and some servers.
As far as one can tell, they had no offsite backup, so most of their customers lost everything as well.
Imagine waking up one day to discover that your company’s entire business has been wiped out.
How you can learn from it
- Have offsite backups, and make sure they actually work when you need them: a backup you have never restored from is not a backup.
- Don’t share a single account for logging in to the AWS (or any other service) dashboard; give each person their own.
- Give each user the fewest permissions that still let them do their work.
- Keep your private keys safe.
- If you have contractors working on a server, give them their own key to work with, and revoke it when the work is done.
- Make sure you have a disaster recovery plan.
- If you feel there is a security issue, contact an expert. Having someone with experience and a different point of view on your side is a good thing.
- If possible, use multiple service providers.
- Perform a risk assessment to better understand how attackers can interfere with your core business.
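The account and permission lessons above (separate logins, fewest permissions, safe keys) come down to what an IAM policy actually grants. The following Python is an added example, not code from the original post or from Code Spaces: it checks an IAM policy document for the destructive rights the attacker used (deleting snapshots, AMIs, buckets and servers) and compares a single all-powerful login with a least-privilege operator policy. It also goes one step beyond the list by showing an MFA-gated Deny, a mitigation the post does not mention. The policy documents, the bucket name `example-repo-data`, the `effective_destructive_actions` helper and its simplified condition evaluation are all constructed for this example; real IAM also evaluates resources and many other condition keys, which this code deliberately leaves out.

```python
import fnmatch

# The Code Spaces attacker deleted snapshots, AMIs, S3 buckets and servers. These are
# the IAM actions that permit exactly that; an everyday login that holds them is the
# single point of failure described above.
DESTRUCTIVE_ACTIONS = (
    "ec2:DeleteSnapshot", "ec2:DeregisterImage", "ec2:TerminateInstances",
    "s3:DeleteBucket", "s3:DeleteObject", "s3:DeleteObjectVersion",
)
MFA_KEY = "aws:MultiFactorAuthPresent"


def _as_list(value):
    # IAM accepts a string or a list in most fields; normalise to a list.
    return [] if value is None else value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action matching is case-insensitive with '*' and '?' wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _condition_holds(condition, mfa):
    """Simplified condition check (example only): just aws:MultiFactorAuthPresent.

    mfa is True for an MFA-authenticated session, False when the key is present but
    false, and None when the key is absent, as it is for requests signed with
    long-lived access keys, the kind of credential that leaks from a laptop.
    """
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            if key != MFA_KEY:
                raise ValueError(f"condition key not modelled: {key}")
            wanted = str(wanted).lower() == "true"
            if operator == "Bool":            # never matches when the key is absent
                if mfa is None or mfa != wanted:
                    return False
            elif operator == "BoolIfExists":  # matches when the key is absent
                if mfa is not None and mfa != wanted:
                    return False
            else:
                raise ValueError(f"condition operator not modelled: {operator}")
    return True


def effective_destructive_actions(policy, mfa=None):
    """Destructive actions a caller can actually use under `policy`.

    Resources are ignored, so the result over-reports rather than under-reports, the
    safe direction for an audit. As in IAM, an explicit Deny always beats an Allow.
    """
    allowed, denied = set(), set()
    for statement in _as_list(policy["Statement"]):
        if "NotAction" in statement:
            raise ValueError("NotAction statements are not modelled")
        if not _condition_holds(statement.get("Condition", {}), mfa):
            continue
        patterns = _as_list(statement.get("Action"))
        target = allowed if statement["Effect"] == "Allow" else denied
        for action in DESTRUCTIVE_ACTIONS:
            if any(_action_matches(p, action) for p in patterns):
                target.add(action)
    return sorted(allowed - denied)


# Constructed: one all-powerful login, equivalent to what the attacker held.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed: a day-to-day operator who can inspect, start, stop and snapshot servers
# and read/write one bucket (hypothetical name). No destructive action is granted, so a
# stolen key for this user cannot wipe snapshots, AMIs or buckets.
OPERATOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances",
                    "ec2:CreateSnapshot"]},
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::example-repo-data",
                      "arn:aws:s3:::example-repo-data/*"]},
    ],
}


def mfa_gated_admin_policy(operator="BoolIfExists"):
    """Constructed: broad rights, but destruction is denied unless MFA was used.

    `operator` selects the condition operator so BoolIfExists and Bool can be compared.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"},
            {"Effect": "Deny", "Resource": "*",
             "Action": ["ec2:DeleteSnapshot", "ec2:DeregisterImage",
                        "ec2:TerminateInstances", "s3:Delete*"],
             "Condition": {operator: {MFA_KEY: "false"}}},
        ],
    }
```

Running the check over the three policies shows the difference: the all-powerful policy yields every destructive action whether or not MFA was used, the operator policy yields none, and the MFA-gated policy yields none for a plain access key only when the Deny uses `BoolIfExists`. With `Bool`, the condition never matches a request in which the MFA key is absent, so a leaked long-lived access key would still be able to delete everything; that is the kind of detail an outside expert tends to catch.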