More than 435 Cyanweb customer accounts forced offline

An Australian web and IT provider has been hit with a “worst case scenario,” after a cyber-attack on its hosting server resulted in a continued disruption of services and obliteration of nearly all its client data.

Cyanweb Solutions, a Perth-based company with only three full-time staff members, announced the data breach earlier this month with a colourful post on its homepage.

More than 435 customers had their websites taken offline, and the company estimates
that only 12% of customer data survived the attack, where assailants were able to gain administrative privileges and then inject a “seek and destroy payload.”

Unauthorized access on Cyanweb’s cPanel web hosting sever, where all client data was stored, was initially gained through a distributed denial-of-service (DDoS) attack.

Cyanweb said: “A professional hacking group attacked, infiltrated the server and destroyed all data, including all available backup data.

“We highly suspect this was a professional hit, as at the time of the infiltration the server was being ‘overloaded’ (DDoS) by a highly suspicious range of sequential Swiss server IP addresses. Some Swiss servers are like Swiss bank accounts and are sometimes used by professional criminals / well-funded cyber terrorist groups.”

Cyanweb did not immediately reply to The Daily Swig’s request for comment on whether it had contacted law enforcement and was working with the appropriate authorities to identify the culprits behind a clear targeted attack on its infrastructure.

Upon learning of the intrusion, Cyanweb immediately shut off its server, but was left with no way to contact its clients as all email addresses were destroyed – however there is no evidence of any data having been stolen.

The company remains in “crisis mode,” according to a recording currently playing on the its main phone line, which also pleads for patience as Cyanweb’s small team works at getting its customers back in business.

“If your website was not developed by Cyanweb, you should go back to your original web developer to see if they can get your website back online,” it said.

“Or if you were managing your own website, and any content, you may have taken the opportunity to make a backup download of your website, or if you had access to your hosting account, your IT may have a backup there. But we are finding that most people didn’t have a backup plan. While we did have backups, they were unfortunately destroyed.”

It added: “We don’t have ETAs on individual sites, we’re working through them as best as we can.”

Seek Security Products was one of the Cyanweb clients affected.

“They rectified it as quick as they could, I thought they did a marvellous job,” a representative from Seek Security Products told The Daily Swig.

“It was a bad situation, obviously. We lost our website and our email facility, but they worked on it fairly quickly and we were fortunate that we had backup anyway, so we weren’t as affected as much as other people may have been.”

It is believed that Cyanweb did not have any offsite backups in place. The company is currently doing a security audit of all its servers and adding additional backups.