Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label BaseCamp. Show all posts

37signals Boosts Profits by Over $1 Million by Exiting Cloud Computing

 


This year, software company 37signals has made headlines with its decision to leave cloud computing, resulting in a significant profit boost of over $1 million (£790,000). This move highlights a growing trend among businesses reassessing the value of cloud services versus traditional in-house infrastructure. 37signals, known for its project management tool Basecamp and email service decided to transition away from cloud providers to manage its own servers. 

This shift has not only reduced their operating expenses but also provided greater control over their infrastructure. By avoiding the recurring costs associated with cloud services, 37signals has been able to retain more revenue, contributing directly to its increased profitability. The decision to leave the cloud stems from various factors. While cloud computing offers scalability and flexibility, it often comes with high costs that can accumulate over time, especially for companies with predictable workloads. 

By managing their own servers, companies like 37signals can optimize performance and cut costs associated with data transfer and storage. Furthermore, this move has implications for data security and privacy. Controlling their own infrastructure allows companies to implement stricter security measures tailored to their needs, reducing reliance on third-party vendors. This can be particularly important for firms handling sensitive information, as it minimizes potential vulnerabilities associated with shared cloud environments. 37signals’ successful transition away from cloud computing is part of a broader industry trend. Other companies are also evaluating the cost-benefit balance of cloud services. 

For some, the flexibility and ease of scaling offered by cloud solutions remain invaluable, while others, like 37signals, find that in-house infrastructure provides a more cost-effective and secure alternative. As more companies share their experiences and outcomes, it will be interesting to see how the landscape of cloud computing evolves. Businesses must carefully consider their unique needs, workloads, and security requirements when deciding whether to invest in cloud services or return to more traditional infrastructure solutions. 

The decision by 37signals to leave the cloud and the subsequent financial benefits they’ve reaped could encourage other companies to reevaluate their own strategies. By weighing the pros and cons, businesses can make informed decisions that align with their financial and operational goals.

BazarLoader Malware: Abuses Slack and BaseCamp Clouds

 

The primary feature of the BazarLoader downloader, which is written in C++, is to download and execute additional modules. BazarLoader was first discovered in the wild last April, and researchers have discovered at least six variants since then “signaling active and ongoing development”.

According to researchers, the BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads. The attackers have also added a voice-call feature to the attack chain in a secondary campaign targeted at consumers. 

“With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” states Sophos advisory released on Thursday. Adversaries are targeting employees of large companies with emails that purport to provide valuable details related to contracts, customer care, invoices, or payroll, they added. 

Since the links in the emails are hosted on Slack or BaseCamp cloud storage, they can appear genuine if the target works for a company that uses one of those platforms. When a victim clicks on the link, BazarLoader downloads and executes on their device. 

Usually, the links point to a digitally signed executable with an Adobe PDF graphic as its symbol and the files have names like presentation-document.exe, preview-document-[number].exe, or annualreport.exe, according to the researchers. These executable files, when run, inject a DLL payload into a legitimate process, such as the Windows command shell, cmd.exe. 

“The malware, only running in memory, cannot be detected by an endpoint protection tool’s scans of the filesystem, as it never gets written to the filesystem.” Sophos discovered that the spam messages in the second campaign are devoid of anything suspicious: there are no personal details of any sort in the email body, no connection, and no file attachment.

“All the message claims is that a free trial for an online service the recipient claims to be using is about to expire in the next day or two, and it includes a phone number the recipient must call to opt-out of a costly, paid renewal,” researchers explained. 

If a potential victim picks up the call, a friendly person on the other end of the line sends them a website address where they can unsubscribe from the service. These websites bury an unsubscribe button in a page of frequently asked questions and clicking that button delivers a malicious Office document (either a Word doc or an Excel spreadsheet) that, when opened, infects the computer with the same BazarLoader malware. 

The messages claimed to come from a company named Medical Reminder Service and included a phone number as well as a street address for a real office building in Los Angeles. However, starting in mid-April, the messages began to use a ruse involving a fraudulent paying online lending library named BookPoint. 

Researchers have been suspecting that BazarLoader could be related or authored by the TrickBot operators. TrickBot is another first-stage loader malware often used in ransomware campaigns. 

BazarLoader seems to be in its initial developmental stage and isn't as advanced as more mature families like TrickBot, researchers added. “While early versions of the malware were not obfuscated,” they explained, “more recent samples appear to encrypt strings that could expose the malware's intended use.”