To Cloud or not to Cloud, that is the question
CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.
HIGHLIGHT

To Cloud or not, that is the question
There are, broadly, two ways to use a big piece of corporate software. You can pay a company like Microsoft a monthly fee to use their version of it, which runs on their giant, hyper-secure computers in a data center somewhere in Virginia or Iowa. This is called "the cloud." Or, you can buy the software, install it on your own computers in your own server room, and run it yourself. This is called "on-premises".
The main argument for doing it yourself—for paying for the server, the electricity, the cooling, and the IT staff to babysit it—is control. It’s your data, on your machine, inside your building. You feel safe. You have dominion over your digital kingdom. You are not subject to the whims of some giant tech company that might change its terms of service or get a subpoena for your data. This feeling of control comes at a price. And every so often, the bill for that premium comes due in a very abrupt and unpleasant way.
A group of hackers whom Microsoft calls Storm-2603 found a flaw in Microsoft’s on-premises SharePoint Server software (on-premises, because the cloud version is automatically patched for security flaws). SharePoint is, you know, a tool for companies to build internal websites to share documents and collaborate. It's a digital filing cabinet. The flaw they found was, let’s say, a good one. It was a “you don’t need a password or any credentials at all” kind of flaw. It was less like picking a lock and more like discovering the architect forgot to build a wall. You could just walk right in and become the administrator of the whole system.
Once you’re the administrator of the whole system, what do you do? Well, if you’re Storm-2603, you do your job. And your job is to monetize your access. You deploy ransomware. Their preferred brand is called “Warlock,” and it does the usual ransomware thing: it encrypts all the victim’s files, rendering them useless. Then it leaves a note. “Nice digital filing cabinet you have here,” the note does not say but probably should. “It would be a shame if anything happened to it. Pay us a pile of untraceable cryptocurrency and we’ll give you the key to get it all back.”
This is already a decent business model. But the modern digital extortionist knows you can’t leave money on the table. So before they lock everything up, they copy it all. This is “double extortion.” The ransom isn’t just for the decryption key; it’s for a promise—from anonymous international hackers, so, you know, a very reliable promise—that they won’t leak all your sensitive corporate data on the internet.
The fun part is who gets hit. If you use SharePoint Online, the cloud version, Microsoft finds out about the flaw and presumably fixes it for all of its customers at once. You might not even know it happened. The bill for your On-Premises Premium, however, arrives when the hackers find your server before your IT department gets around to installing the security patch that Microsoft released.
Where do you go hunting for unpatched servers? You go where the probability is highest. You go where the IT departments might be understaffed, under-resourced, or just have too much to do. And so you see cybersecurity firm Bitdefender noting that exploitation of this flaw was detected in places like South Africa. A recent INTERPOL report on African cybercrime points out that countries like Nigeria, Kenya, and Egypt are already hotspots for this sort of thing. The hackers are just efficient capitalists, going where the operational alpha is highest.
The incentives here are beautifully, if grimly, aligned. The hackers want to get paid. The victim company wants its data back and, more importantly, wants to avoid the catastrophic embarrassment of having its secrets posted online. There is a motivated buyer and a motivated seller.
And Microsoft? Well, Microsoft’s incentive is to get everyone to please, for the love of all that is holy, stop running their own servers and just move to the cloud. Every time a story like this breaks, it’s the best possible advertisement for their subscription-based Microsoft 365 services. They are, of course, horrified by the actions of these hackers. But are they horrified by the free marketing case for why the On-Premises Premium is no longer worth paying? We leave that as an exercise for the reader. The bill always comes due.
FEATURES
This article from the African Digital Democracy Observatory (ADDO) details how South African businessman Zunaid Moti weaponized disinformation in a Strategic Lawsuit Against Public Participation (SLAPP) case against investigative journalists from amaBhungane.
Another article from the African Digital Democracy Observatory (ADDO) highlights a key finding from a new CIIA report: a significant gap exists between how media professionals and social media users in Kenya and Senegal perceive and tackle misinformation. Media professionals largely concentrate on political and news-related misinformation, whereas general users are more concerned with everyday falsehoods like scams, fake job advertisements, and health rumors.
Dubawa uncovers a hidden digital propaganda effort by the Alliance of Sahel States (AES)—Mali, Burkina Faso, and Niger—designed to sway public opinion throughout West Africa. Initiated after military takeovers began in 2021, this campaign employs bots, censorship, encrypted communication, and state media to spread narratives that are pro-military, anti-democracy, and anti-Western.
HEADLINES
DevOps practices may breach Nigeria’s data protection law – Expert
Fake AI Videos Of R. Kelly, Pope Spread Cult Of Burkina Junta Chief
South African National Treasury finds malware on its systems
U.S. govt confiscates $7.5 million illicit crypto assets from Nigerian fraudster’s Binance accounts
CyberKnight and Nozomi Networks to transform OT cybersecurity in Africa
First HoldCo denies N323 billion share acquisition claims, accuses Arise TV of misreporting
Sterling Bank opens accounts for Lagos resident without his knowledge or permission