Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at

Please visit the sponsor!
Please visit the sponsor!

Cloudbursts, a new IT problem?

24 July 2020

Into every life a little rain must fall.

Well that's the age-old saying which could apply to a group of universities in the UK and Canada, after the provider of their cloud-based services was hacked and subjected to a ransomware attack earlier this year.

Cloud-based computing is an attractive option for many organisations both large and small. It effectively outsources much of the burdensome need to produce backups, maintain security measures and mitigate hardware failures.

If you lack the skills, resources or finances to provide such basic services in-house, cloud-based solutions can seem very, very attractive and, if the brochures are to be believed, are a cheap way to gain "peace of mind".

But should you believe the brochures?

Well I suspect that the long list of organisations affected by an attack on the Blackbaud cloud-services provider are no longer sure of that.

According to this BBC report a significant amount of data was downloaded from the cloud service and then ransomware was installed so as to make the original files unavailable to the legitimate users.

Perhaps just as worrying as the hack and attack itself is the fact that the whole fiasco has been essentially covered-up until now, even though it happened back in May.

Blackbaud is not only being criticised for the cover-up but also for paying the ransom demanded by the hackers.

One thing's for sure... I'd be very wary of any cloud-based service provider that actually had to pay a ransom in this situation. Where were their backups?

I guess it's easy for companies to make all sorts of wonderful claims in respect to the services they delivering, confident in the knowledge that customers will have no real way of knowing how many of those claims are legitimate and how many are just fiction.

Now that the provision of these services has become such a huge growth-area within the IT industry, it must be very tempting for new or smaller players to over-sell their offering in an attempt to gain a toe-hold. If nothing goes wrong, nobody will ever know -- but if the shirt hits the flange... well perhaps this is a fantastic example of how quickly things can fall apart.

I suspect that most people simply have blind faith in the big players such as Amazon et al but there will always be some (who should know better) that opt to save a dollar or two here and there. Or perhaps it's simply that there are no other options. In the education sector there are almost certainly going to be some vertical markets which give the user no option but to use the supplier's cloud service and simply trust that they have their security and backups operating to the required standard.

The real problem is that hacking cloud-based providers offers the promise of very rich pickings for those who succeed. Instead of just being able to extort money from a single company they are effectively leveraging their efforts to every company that uses that service. The return on effort invested could be orders of magnitude higher for the snotty hackers that succeed.

Many countries are now criminalising the payment of ransomware demands. The obvious intention here is to make such attacks unprofitable for those who conduct them.

Whilst this sounds like a reasonable way to try and reduce the problem, it ignores the fact that most ransomware code also copies the data to the attacker's own servers so that it can be sold on the dark web. Even if these villains don't get paid for their ransom demands, they can still earn a healthy crust by selling the data to others who will use it to commit fraud or ID theft.

Am I the only one who looks back at "the good old days" when the biggest heists were bank robberies? At least back then the amount the bad guys could get away with was limited by their ability to carry bags of notes and coins. These days, thanks to fibre-based Net connections, there seems to be no limit to what they can steal.

Has the Blackbaud attack shaken your faith in cloud-based services?

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column

Rank This Aardvark Page


Change Font

Sci-Tech headlines



The EZ Battery Reconditioning scam

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam


Recent Columns

Where to now for Intel?
Intel is a name synonymous with computers...

What do you most want to learn?
Most intelligent people enjoy learning...

Are hobbies the best medicine?
Research tends to indicate that those of us who have hobbies do much better when facing the effects of time on our physical and mental abilities...

The Warehouse's crazy warranty policy
New Zealand's "red shed", The Warehouse makes the bold claim that they give you a money-back guarantee of satisfaction...

End of the road for YouTube
YouTube has just shot itself in the foot, again...

Silicon still rules
We've been told for quite some time now that the fabrication of CPUs from silicon is reaching its endpoint...

Social media fail
Social media is a double-edged sword...

Is it a conspiracy?
Everyone loves a good old conspiracy theory...

A good day to feel old
How old were you when you first encountered a microcomputer?...

Magic pills worth billions
Vitamins -- vital minerals that the body needs to ensure that the myriad of chemical processes essential for life continue...

Once in a lifetime
It's not often you get a once in a lifetime opportunity...