News You Might’ve Missed. 01 – 04 Mar

What's new this week in the news for MSPs? Microsoft announces new cloud instances and security features; Google launches a cyber-insurance program; Microsoft initiates zero-trust focus for Azure; Exchange servers the target of HAFNIUM 0-day exploits; and DarkSide ransomware hits CompuCom MSP.

Let's see what it's all about.

Microsoft Announces New Cloud Instances and Security Features

This week Microsoft announced memory-optimized instances for Azure public cloud at the Ignite virtual event. The new features will help their customers secure and manage their environments.
Msv2 instances are aimed at businesses running memory-intensive workloads, such as the in-memory databases in SAP SE's Hana.

Besides increasing the number of available Azure instances, they will also be simpler to manage. Although Azure previously supported it only in Windows, Azure Automanage, a management automation service, makes performing specific tasks such as repairing incorrectly defined configuration settings and installing security updates a breeze.

Trusted Launch, another new feature, and encrypted keys will make it easier for Azure instances to keep hackers out. Additionally, Microsoft is offering a setting that it is referred to as auto-key rotation. This setting enables keys to be refreshed automatically after specific periods, reducing the chance of data breaches.

Google Launches a Cyber-Insurance Program

Google is developing a cybersecurity insurance program. According to Google this week, it is the first program of its kind to come from a cloud provider.It includes a risk analysis tool to help companies pinpoint weaknesses in their cloud environment security.

The two firms are expected to provide "specialized and enhanced cyber insurance." The packages will be made exclusively for customers of Google Cloud. According to Google, the insurance pricing is based on how well the customer's information technology environment is secured.

Risk Manager is a tool Google that has developed that will be a part of the offering. It analyzes a company's security in their cloud environment and pinpoints any issues. It then produces a report for companies to reduce their cloud's vulnerability to breaches and optimizes pricing on their insurance. Google is currently announcing the collaboration as the first partnership with the insurance industry and a cloud provider.

Microsoft Initiates Zero-Trust Focus for Azure

Zero-trust is a concept that Google LLC initially proposed. This week at Ignite 2021, Microsoft announced many updates that aim to extend the protection it provides to identities, devices, data, clouds, and platforms based on zero-trust.

The zero-trust concept is centered around shifting access controls from the perimeter to users and individual devices. It will let staff work securely from any location without the need for a traditional VPN (virtual private network).

Once zero-trust is in place, access control assumes any user, whether from inside or outside, is equally untrustworthy. Access request approvals are based on the particular user’s details, such as their job designation and the device's security status.

According to Vassu Jakka, Microsoft Corporate VP of compliance, security, and identity, Microsoft is a passionate proponent of the zero-trust mindset. To ensure that businesses are protected in conformance with the current complex security requirements, he says we must combine the areas of security, identity, compliance, and skilling.

Exchange Servers the Target of HAFNIUM 0-Day Exploits

Microsoft says it has detected multiple limited and targeted attacks using on-premise versions of Microsoft Exchange Server via 0-day exploits. The threat actor in these attacks used these vulnerabilities to access the on-premise Exchange servers, allowing the installation of additional malware and further access to email accounts, which would facilitate long-term access to its victims' environments.

HAFNIUM is known to target organizations in the United States primarily. MSTIC (Microsoft Threat Intelligence Center) attributes the campaign to HAFNIUM with a high degree of confidence. They say they are assessed as a state-sponsored group that operates from China. They determined this based on the procedures, tactics, and victimology used in the attacks.

Microsoft is strongly recommending businesses to update their on-premise systems now. Exchange Online is not affected.

DarkSide Ransomware Hits CompuCom MSP

Compucom, a US-based managed services provider, was hit by a DarkSide ransomware attack. The attack led to the disruption of their services and customers being disconnected from their network to prevent the malware's further spread.

The problem was first discovered on the customer portal used for creating trouble tickets. Instead of what is usually present, customers were greeted with an error message. CompuCom began contacting customers stating that their site had been compromised by malware, but they gave no other details. Cobalt Strike is leveraged for installation using a variety of trojans that are spread through email phishing campaigns. Some of the trojans include TrickBot, BazarLoader, ZLoader, and QBot.

Since confirmation has been obtained that DarkSide ransomware is behind the attack, it is likely that the cybercriminals encrypted the devices after harvesting unencrypted files. If the ransom is not paid, we will soon see the data appear on their data leak site.

That's a Wrap for News You Might've Missed

I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.