The Cloud Connection August 2023

CloudBuzz | InsideScoop | TrendTracker | SectorSpotlight | NewsBites

In each edition, I’ll bring you the latest updates to keep you informed and connected in the rapidly evolving world of technology

Cloud Buzz – Danish CSP suffer ransomware attack

CloudNordic and AzeroCloud, Danish cloud hosting providers, have suffered a crippling ransomware attack, resulting in the loss of all customer data and widespread disruption. The attack, which occurred on August 18, 2023, saw criminal hackers infiltrate and shut down all systems, including websites, email systems, and customer data. Martin Haslund Johansson, director of AzeroCloud and CloudNordic, expressed his devastation at the incident, stating that he does not expect any customers to remain with them after this ordeal. The ransom demanded by the hackers amounts to around $156,000.

Both companies, which are owned by Certiqa Holding, have replaced their usual websites with a text post explaining the situation. They have also made it clear that they will not meet the financial demands of the ransom. While efforts are being made to assess the damage and potential for data restoration, the outlook appears grim. CloudNordic and AzeroCloud have admitted that it has been impossible to recreate most of the lost data, leaving the majority of their customers in a dire situation.

The cause of the attack is believed to be compromised servers that went undetected, followed by a data centre migration that connected these servers to the internal network used for managing all of their systems. Through this network, the hackers gained access to central administration systems and backup systems, encrypting all server disks and rendering them inaccessible. It is unclear which data centres CloudNordic and AzeroCloud operated in, but they have emphasised that there is no evidence of data being stolen.

In an effort to restore operations, the hosting companies have re-established blank systems, such as name servers, web servers, and mail servers. However, these systems do not contain any data from previous customers. CloudNordic and AzeroCloud have offered to restore customers on the same name servers and provide new web and mail servers, but without any previous data. They have also suggested that customers attempt to restore data from local backups or utilise the Internet Archive’s Wayback Machine as a potential source for copying data. The companies deeply regret the situation and express gratitude to their loyal customers for their support over the years. Read more here

Inside Scoop – iseek Appoints Cloud Services Expert Mark Pratley as Chief Operating Officer

Leading Australian digital infrastructure operator iseek has appointed industry veteran Mark Pratley as Chief Operating Officer (COO) to spearhead the company’s growth and diversification in the digital services ecosystem.  

Mr Pratley brings 30 years’ experience in cloud services, strategy, and new product development to iseek, gained in senior leadership roles at Oracle, Telstra, IBM, Kaz Group and Advantra.

Mr Pratley delivered substantial earnings and efficiency improvements as Regional Director at Oracle, more than doubling the company’s cloud footprint to 13 regions and implementing global data-driven customer engagement programs. Prior to Oracle, he was a General Manager for Telstra Product driving the successful market entry into IaaS, PaaS and SaaS offerings with Telstra’s Cloud Services, a globally leading shared infrastructure platform, entirely locally operated which saw Annualised Recurring Revenue (ARR) surpass $200 million within three years.

As iseek COO, Mr Pratley will be responsible for the development of channel partners and customers while also improving the company’s critical infrastructure operations across Queensland, NSW and South Australia. Read more here

Trend Tracker:  Amazon maintains stance on WFH

Amazon CEO Andy Jassy has sent a clear message to employees who are resistant to returning to the office: “It’s not going to work out for you.” This statement was reportedly made during a recent meeting.

Despite facing backlash from employees, Amazon implemented a policy in May requiring employees to work in the office for three days a week. Thousands of workers expressed their dissatisfaction by signing a petition and even staging a walkout in protest.

However, Jassy’s stance on the matter remains unchanged. In a leaked recording of the meeting, he emphasised the need for employees to “disagree and commit,” stating that those who are unwilling to do so may not be a good fit for Amazon. He also mentioned that his decision to bring employees back to the office was a judgment call and that those who refuse to comply are free to leave the company.

In addition to this strict policy, Amazon has been taking measures to enforce in-person attendance. Leaked messages revealed that the company may force a “voluntary resignation” on employees who refuse to relocate to the designated office hubs where their teams are based. Some employees have decided to quit on their own, while others have received warnings about their attendance.

It remains to be seen how this steadfast approach will affect Amazon’s workforce. As the debate over remote work continues, the company’s decision to prioritise in-person collaboration may have repercussions both internally and within the broader industry. Read more here

Sector Spotlight – Who’s listening?

It may be time to swap that mechanical keyboard your colleagues don’t quite appreciate as much as you! A team of UK researchers has successfully trained a deep learning model to interpret keystrokes based solely on audio recordings.

By capturing the sound of keystrokes to train the model, the researchers achieved an impressive 95% accuracy in predicting typed text. However, when using Zoom to train the system, the accuracy dropped slightly to 93%.

This research highlights the potential risk of acoustic side-channel attacks, where sensitive information such as passwords and messages can be intercepted by individuals within hearing distance. Whether recording someone in person or virtually through a video call, the abundance of microphone-bearing devices like smartphones has made such attacks simpler than ever before.

The combination of easily accessible audio recordings and advancements in machine learning technology has made these types of attacks not only feasible but also more dangerous than previously realised. Hackers armed with nothing more than a microphone and a machine learning algorithm can potentially gain access to valuable and confidential information.

The researchers conducted their experiments using a MacBook Pro, pressing each of the 36 individual keys 25 times. This formed the basis for the machine learning model to recognise the association between keystroke sounds and characters. The recorded audio, captured via a phone in close proximity to the laptop and through Zoom, exhibited enough subtle differences in waveforms for the model to accurately identify each key.

To mitigate the risk of keystroke hacking, the researchers recommend making changes to your typing style, using randomised passwords rather than those containing complete words, incorporating randomly generated fake keystrokes during voice call-based attacks, and employing biometric tools such as fingerprint or face scanning. Read more here

News Bites – Kevin Mitnick passes away

Kevin Mitnick, one of the most renowned hackers in the history of cybersecurity, passed away last month at the age of 59 after battling pancreatic cancer. Mitnick’s hacking exploits were legendary, inspiring multiple films, including “WarGames,” which was based on allegations that he hacked into the computer systems at North American Aerospace Defense Command as a teenager.

Mitnick’s hacking journey took a turn when he was arrested in 1988 for stealing $1 million worth of proprietary software from Digital Equipment Corporation. After serving time in prison and violating probation, he went on the run, breaking into the computer systems of various corporations, cell phone companies, and educational institutions.

Despite the chaos he caused, Mitnick and his supporters argued that his actions were driven by intellectual curiosity rather than malicious intent or financial gain. In 1999, he reached a plea deal with federal prosecutors, resulting in a prison sentence and probation.

Upon his release in 2000, Mitnick transformed into a white-hat hacker, using his expertise to assist businesses in protecting their systems. He became the chief hacking officer and partial owner of the tech security firm KnowBe4, founded by his close friend Stu Sjouwerman.

Mitnick’s hacking career was documented in his memoir, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker,” which was published in 2011. Fascinating read of the full story of his arrest at Takedown

And finally, as always, feedback is welcome. Which topic was of interest? What do you want more or less of? Other suggestions? Or just a chat on tech? Please let me know, have a great day and enjoy!

Similar Posts