What's new this week in the news for MSPs? Four in the hyper-scale cloud provider market to surpass $115 bn; video game developer CD Projekt S.A. hit in ransomware attack; Ziggy ransomware group shuts down; BazarBackdoor malware by TrickBot recoded in Nim; BendyBear malware linked to Chinese hackers; and Microsoft warning to enterprises on new “dependency confusion” attack technique.
Let's see what it's all about.
Four in the Hyper-Scale Cloud Provider Market to Surpass $115 bn
According to a Silicon Angle report, four hyper-scale cloud providers are set to exceed $115 bn this year. When you consider combined IaaS and PaaS, only AWS, Azure by Microsoft, Alibaba Cloud, and Google Cloud by Alphabet have the drive, resources, and endurance to outperform all the others in the same category.
In its analysis of the group, Silicon Angle initiated coverage of Alibaba Group for the first time. Most of Alibaba's revenue comes from China, and the company has further plans for international expansion.
All in all, the 2020 revenue of these four companies accounted for $86 bn, a 41% growth rate compared to 2019. This data leads the Silicon Angle researchers to believe that the four will collectively surpass $115 bn in their 2021 IaaS and PaaS revenue.
The IaaS cloud market certainly comprises more than these four companies. Nevertheless, the “A” players stand alone as hyper-scalers with resources, technology, capital spending budget, customer drive, and strength that add to their uniqueness.
CD Projekt S.A. Hit by Ransomware
Video game developer CD Projekt S.A., renowned as the maker of "Cyberpunk 2077," has been struck by a ransomware attack that resulted in data being stolen. In a Twitter statement, they reported that they discovered a cyberattack on February 8th that compromised internal systems.
In a ransom note, the attackers declared that they had stolen the source code for the games "Cyberpunk 2077," "Gwent," "Witcher 3," and an unreleased version of "Witcher 3." They also referred to other documents relating to various departments.
CD Projekt noted that some devices on its systems had been encrypted. However, they had intact backups and had already begun restoring data. They have no intention of giving in to the cybercriminals' demands.
Ziggy Ransomware Group Stops Operations
According to a report today from BleepingComputer, the Ziggy ransomware group has shut down. The group also released its decryption keys, citing concerns about being targeted by law enforcement.
According to reports, the group announced in a Telegram group that it would be shutting down, stating that "we are very sad about what we did." The Ziggy administrator told BleepingComputer that the group had created the ransomware to generate money.
The threat actors behind Ziggy have now released the decryption keys. Nevertheless, security researcher M. Shahpasandi noted on Twitter that the decryption release included malicious files. It also appears that Ziggy is not the only ransomware group with such concerns.
BazarBackdoor Malware by TrickBot Recoded in Nim
BleepingComputer has reported that the BazarBackdoor malware by TrickBot has been recoded in the Nim programming language. Their experts say this is to escape detection by traditional antivirus programs.
Using spam campaigns, the TrickBot cybercrime gang has boosted the spread of its more recent and stealthier BazarBackdoor malware. BazarBackdoor gives the threat actors access to the compromised computer, which they use to move laterally through the target's network. Since it is unusual to find malware developed in Nim, it's possible that TrickBot has done this in order to bypass antivirus detection.
New BendyBear Malware Under Investigation
New info on the polymorphic and "highly sophisticated" malware dubbed BendyBear was shared by Unit 42 researchers. The information links it to Chinese hackers known to be connected with the Chinese government. BendyBear was first seen in August 2020. However, there is no information on the infection vector used to deploy it, or any potential targeted victims.
This malware's only function appears to be to download other malicious payloads from attacker-controlled command and control (C2) servers. The cyber-spies who use BendyBear in their operations are loading it onto compromised devices immediately after gaining access to the machines.
According to Unit 42, BendyBear's long list of features and capabilities includes: decryption of code blocks at runtime, clearing the host's DNS cache every time it attempts to connect to its C2 server, obscuring connection protocol by connecting to the C2 server over a standard port (443), and more.
Microsoft Announced a New Attack Technique
Also known as a "substitution attack," a new "dependency confusion" technique is being used to allow threat actors to sneak malicious code inside private code repositories. They can do this by registering internal library names on public package indexes.
Microsoft published a white paper on Tuesday about this new type of attack technique, which can poison the app-building process inside corporate environments.
Public and private package repositories, package managers, and build processes are some of the concepts involved.
Suppose an attacker learns the names of private libraries used inside a company's app-building process. In that case, they could register these names on public package repositories and upload public libraries containing malicious code, according to researchers' findings.
The "dependency confusion" attack occurs when developers build their apps inside enterprise environments and the package manager prioritizes the (malicious) library hosted on the public repository over the internal library with the same name.
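To make the resolution mistake concrete, here is an added model (not code from the article or from Microsoft's white paper) of a package resolver that merges a private and a public index, beside a hardened version that reserves an internal name prefix for the private index only. The index contents, the `acme-` prefix, and the `find_shadowed_names` audit helper are constructed assumptions for this illustration.

```python
from typing import List, NamedTuple, Optional


class Candidate(NamedTuple):
    name: str
    version: tuple  # e.g. (1, 4, 0); tuples compare numerically
    index: str      # "private" or "public"


# Constructed sample data: two internal libraries, plus a public package
# that carries the same name as one of them with a higher version number.
PRIVATE_INDEX = [Candidate("acme-auth", (1, 4, 0), "private"),
                 Candidate("acme-billing", (2, 0, 1), "private")]
PUBLIC_INDEX = [Candidate("requests", (2, 25, 1), "public"),
                Candidate("acme-auth", (99, 0, 0), "public")]


def resolve_naive(name: str) -> Optional[Candidate]:
    """Vulnerable behaviour: merge every configured index and take the
    highest version, wherever it lives. The public copy wins here."""
    matches = [c for c in PRIVATE_INDEX + PUBLIC_INDEX if c.name == name]
    return max(matches, key=lambda c: c.version, default=None)


def resolve_hardened(name: str, internal_prefix: str = "acme-") -> Optional[Candidate]:
    """Mitigation: names under the reserved internal prefix are served only
    by the private index; the public index is never consulted for them.
    The prefix is a hypothetical organisational policy."""
    pool = PRIVATE_INDEX if name.startswith(internal_prefix) else PUBLIC_INDEX
    matches = [c for c in pool if c.name == name]
    return max(matches, key=lambda c: c.version, default=None)


def find_shadowed_names() -> List[str]:
    """Audit check (hypothetical): internal names that also exist on the
    public index are the ones a naive resolver could substitute."""
    public_names = {c.name for c in PUBLIC_INDEX}
    return sorted({c.name for c in PRIVATE_INDEX} & public_names)
```

Running `resolve_naive("acme-auth")` returns the public candidate, while `resolve_hardened("acme-auth")` returns the internal 1.4.0 build and `find_shadowed_names()` lists `acme-auth` as the name to investigate.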
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.