Google
 

Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk



Please visit the sponsor!
Please visit the sponsor!

Cloudbursts, a new IT problem?

24 July 2020

Into every life a little rain must fall.

Well that's the age-old saying which could apply to a group of universities in the UK and Canada, after the provider of their cloud-based services was hacked and subjected to a ransomware attack earlier this year.

Cloud-based computing is an attractive option for many organisations both large and small. It effectively outsources much of the burdensome need to produce backups, maintain security measures and mitigate hardware failures.

If you lack the skills, resources or finances to provide such basic services in-house, cloud-based solutions can seem very, very attractive and, if the brochures are to be believed, are a cheap way to gain "peace of mind".

But should you believe the brochures?

Well I suspect that the long list of organisations affected by an attack on the Blackbaud cloud-services provider are no longer sure of that.

According to this BBC report a significant amount of data was downloaded from the cloud service and then ransomware was installed so as to make the original files unavailable to the legitimate users.

Perhaps just as worrying as the hack and attack itself is the fact that the whole fiasco has been essentially covered-up until now, even though it happened back in May.

Blackbaud is not only being criticised for the cover-up but also for paying the ransom demanded by the hackers.

One thing's for sure... I'd be very wary of any cloud-based service provider that actually had to pay a ransom in this situation. Where were their backups?

I guess it's easy for companies to make all sorts of wonderful claims in respect to the services they delivering, confident in the knowledge that customers will have no real way of knowing how many of those claims are legitimate and how many are just fiction.

Now that the provision of these services has become such a huge growth-area within the IT industry, it must be very tempting for new or smaller players to over-sell their offering in an attempt to gain a toe-hold. If nothing goes wrong, nobody will ever know -- but if the shirt hits the flange... well perhaps this is a fantastic example of how quickly things can fall apart.

I suspect that most people simply have blind faith in the big players such as Amazon et al but there will always be some (who should know better) that opt to save a dollar or two here and there. Or perhaps it's simply that there are no other options. In the education sector there are almost certainly going to be some vertical markets which give the user no option but to use the supplier's cloud service and simply trust that they have their security and backups operating to the required standard.

The real problem is that hacking cloud-based providers offers the promise of very rich pickings for those who succeed. Instead of just being able to extort money from a single company they are effectively leveraging their efforts to every company that uses that service. The return on effort invested could be orders of magnitude higher for the snotty hackers that succeed.

Many countries are now criminalising the payment of ransomware demands. The obvious intention here is to make such attacks unprofitable for those who conduct them.

Whilst this sounds like a reasonable way to try and reduce the problem, it ignores the fact that most ransomware code also copies the data to the attacker's own servers so that it can be sold on the dark web. Even if these villains don't get paid for their ransom demands, they can still earn a healthy crust by selling the data to others who will use it to commit fraud or ID theft.

Am I the only one who looks back at "the good old days" when the biggest heists were bank robberies? At least back then the amount the bad guys could get away with was limited by their ability to carry bags of notes and coins. These days, thanks to fibre-based Net connections, there seems to be no limit to what they can steal.

Has the Blackbaud attack shaken your faith in cloud-based services?

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column


Rank This Aardvark Page

 

Change Font

Sci-Tech headlines

 


Features:

The EZ Battery Reconditioning scam

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam

 

Recent Columns

The big backfire?
The world is headed for economic turmoil...

The rest of your life
Like most teenagers, I gave very little thought as to what I'd be doing half a century down the line...

Where are we headed?
As the world lurches from crisis to crisis, catastrophe to calamity and plunges head-long into an abyss of uncertainty, one can only wonder what will happen next...

Most satisfying
Over the decades I have designed, built and commissioned many bits of bespoke technology...

Politicians, some are nasty
With the NZ economy tanking to the tune of a 12 percent contraction, the last thing I wanted to hear yesterday were the words of National Leader Judith Collins...

Spark, what are you thinking?
Spark has stated in the media that it has a goal of getting up to 40 per cent of its broadband customers on to wireless technology by 2023...

The sky is falling again
What a terrible place the world has become...

The current "Big Thing"
Every now and then, a "big thing" comes along...

Python versus BASIC
Prepare your inner geek...

We all get four transistors!
GPUs, that's graphics cards to the great unwashed, they're a key component in any modern high-performance computer system...

Will Covid reduce the average lifespan?
With the death-toll from Covid infection seemingly falling as a percentage of those who are infected, it might be tempting to think that this thing will go away all by itself...