(Maersk Photo)
Welcome to today’s edition of Mostly Cloudy, your source for everything you need to know about cloud computing! In this installment, we’ll take a look at the after-effects of one of the most destructive events in recent cybersecurity history, and why big companies that fail to modernize their tech infrastructure tend to fall hardest.
This Week in Cloud: Playing with fire
The release of the NotPetya malware attack in June 2017 unleashed one of the worst disasters in the history of information technology, destroying countless amounts of data and bringing huge companies like shipping giant Maersk to their knees in just a few hours. A lot of the story has already been told, but Maersk Chief Information Security Officer Andrew Powell provided a few more details on the aftermath of the attack during comments last week at Black Hat Europe.
Maersk had only just begun the process of “digital transformation,” having signed a cloud deal with Microsoft Azure in April 2017, when it was hit by NotPetya. Believed to be the act of Russian hackers, NotPetya took advantage of flaws in software used by the Ukrainian government to collect tax revenue from companies that did business in the country.
The malware so quickly overwhelmed Maersk’s systems that both its primary and backup versions of Microsoft’s Active Directory were completely erased, forcing it to fly to Nigeria to recover a version of Active Directory from a local server there that happened to go offline just before the attack hit, thanks to a power outage.
Needless to say, that’s not considered a best practice in the disaster-recovery handbook, although sometimes it’s better to be lucky than good. The incident would wind up costing Maersk around $300 million as shipping delays piled up around the globe, paralyzed by the global IT outage.
"Nine days for an Active Directory recovery isn't good enough," Powell said in his remarks at Black Hat Europe, as reported by Dark Reading. "You should aspire to 24 hours; if you can't, then you can't repair anything else."
Powell also hinted that several other U.S. companies were likely hit just as hard as, if not harder than, Maersk, which was forced to come clean about its involvement thanks to the visible traffic jams at ports around the world. Any company that did business with Ukraine needed to run the tax-collection software somewhere, leaving them open to the novel attack.
However, companies with updated versions of Microsoft Windows Server were likely protected from the attack; Wired reported last year that Maersk was running Windows Server 2000 across its network at the time of the attack, which is horrifying, if more common than many of us might think. The company had proposed a plan to patch its software more regularly, but according to Wired “its success was never made a so-called key performance indicator for Maersk’s most senior IT overseers, so implementing it wouldn’t contribute to their bonuses.”
This underscores a huge, basic point behind the process of digital transformation that cuts through the marketing message: modern companies operating on the internet need to build, test, and deploy software faster than older technologies allow. It’s not just a security issue; customers across almost all lines of business these days have certain expectations around how they interact with their vendors on the internet, and they are less tolerant of kludgy tech than in the past.
Powell urged Black Hat Europe attendees to ensure their companies have offline backups stored in a safe place, and said Maersk has invested heavily in its backup systems. He also warned attendees that the nature of the cyberthreats they face is changing: “Powell also said that attackers increasingly value data over infrastructure, and while any given attack campaign may appear focused on destroying data, the reality is that adversaries increasingly realize there is more value in simultaneously stealing the data and selling it later to the highest bidder,” according to the report.
Much of Maersk’s experience is a selling point for the cloud: automatic operating system updates, distributed backup capabilities, and world-class security teams that can help you get out of a mess. And it’s also a boon for startups and other companies that need to help companies with outdated IT infrastructure update not only their equipment and processes, but corporate culture around a new way of building tech.
Also, hopefully anyone in this situation is already aware of this, but the end-of-support deadline for Windows Server 2008 hits in January.
And Now, A Word…
Not sure what to do with that expiring professional development budget before the end of the year? Buy your department a group subscription to Mostly Cloudy! Reply to this email or reach out to mostlycloudy@substack.com for more information on group discounts; they make great stocking stuffers.
Around the Cloud
Amazon Accuses Trump of ‘Improper Pressure’ on JEDI Contract (The New York Times)
Amazon Web Services filed its formal protest of the JEDI contract award process on Monday, and there aren’t a lot of surprises given how publicly much of that process played out. One interesting tidbit: AWS said the Department of Defense decided at the last minute that AWS would have to build it new data centers, rather than using the existing AWS data centers that had been already approved for use by sensitive services and were part of its bid, forcing it to raise its bid.
Microsoft and Pentagon to Kick Off JEDI Cloud Prep (NextGov)
(Photo: U.S. Air Force Senior Airman Perry Aston)
Unless there is a smoking gun with President Trump’s fingerprints on it somewhere in the DoD JEDI files, Microsoft seems likely to hold on to its win. CEO Satya Nadella and other Microsoft executives are scheduled to meet with DoD officials this week to talk about initial steps, although the work isn’t supposed to begin in earnest until February.
Microsoft tries to stay out of Amazon’s JEDI appeal while continuing to improve Azure (Marketwatch)
This is all a little weird for Microsoft, which no doubt wants to take a louder victory lap over its JEDI win than might seem prudent, given that Microsoft executives are well aware of how the Trump administration operates. Anyone who follows this space knows that Microsoft made itself into a credible cloud infrastructure provider a long time ago, and that would still have been true regardless of who won the JEDI contract.
Outposts, Local Zone, Wavelength: It's a new era of distributed cloud, says AWS architect (The Register)
Adrian Cockcroft of AWS sat down with the wacky lot from London last week at re:Invent to talk about one of the key themes of the week: AWS’s embrace of edge and hybrid computing, as I touched on last week at the show. It’s a great wide-ranging discussion on the announcements from last week as well as other Cockcroftian favorites like chaos engineering.
Intel CEO Wants To Destroy The Thinking About Having 90% Share In CPU Market, Talks 10nm Problems, 7nm Roadmap And More (WCCFtech)
The next few years for Intel are going to be fascinating, as one of the oldest companies in tech tries to find its place in the modern world. Intel has been behind on most of the trends that have defined the last decade of computing, and it will need to reorient its thinking (and execution) in order to compete over the next decade.
Hackers Can Mess With Voltages to Steal Intel Chips' Secrets (Wired)
Speaking of headaches for Intel, it feels like a whole new generation of hardware hackers are finding their way. This attack, conducted through malicious software that unwitting recipients install on their machines, alters the voltage sent to Intel’s chips by the computer in order to bypass secure enclave protections on the chip and steal sensitive information.
Ex-Apple Executive Accused of Betrayal Says He Was Snooped On (Bloomberg)
Nuvia is a new chip startup working on some area of the data center business, but its co-founder is going to have to deal with Apple’s legal department first. Apple is suing Gerald Williams, saying he was “barred in an intellectual property agreement from planning or engaging in any business activities that are ‘competitive with or directly related to Apple’s business or products,’” according to Bloomberg.
Oracle will move its annual OpenWorld conference to Las Vegas because San Francisco is too expensive (CNBC)
Oracle OpenWorld 2019 at San Francisco’s Moscone Center (Oracle Photo)
Say what you want about Las Vegas, it is much better equipped to handle large corporate conferences than San Francisco’s South of Market neighborhood, which grinds to a halt during any major event at the Moscone Center. Oracle cited San Francisco’s “poor street conditions” as one of the other reasons it decided to move OpenWorld to a city where you never have to be confronted with the reality of modern America if you stick to the Strip.
F5 and NGINX: Going Forward with Kubernetes (The New Stack)
It has been an interesting year for Seattle’s F5, one of countless enterprise infrastructure companies that were very successful during the data-center era but have struggled to transition to the cloud era. It acquired NGINX in March to expand its software portfolio and reach among the open-source community, and like many companies, is looking at Kubernetes as a way to make an impact on the cloud.
MongoDB revenues rise sharply as Atlas customer headcount more than doubles year-on-year (Diginomica)
Atlas is the managed version of the open(ish)-source MongoDB project that the company sought to protect with licensing changes last year, and it was one of its fastest-growing sources of revenue during its most recent quarter. CEO Dev Ittycheria made sure to point out during the earnings call that AWS’s DocumentDB answer to MongoDB’s licensing moves is best suited for companies that have “primitive requirements” when using the technology.
Ford and Microsoft try to tackle traffic jams with quantum research (Axios)
Doesn’t it feel like the most likely impact of applying data analysis to traffic patterns will be turning every single surface street into a busy street, as algorithms route traffic around backups on major routes? That will be fun.
Xs:code launches subscription platform to monetize open-source projects (Techcrunch)
This is an interesting idea that could help indie open-source developers get their work out into a world increasingly dominated by open-source projects launched by huge tech vendors. I’m not sure if a Kickstarter for open source is a sustainable thing, but it’s good to see some attempts to provide motivated developers with a way to make money writing code on their own.