News You Might’ve Missed. 08 – 11 Mar

What's new this week in the news for MSPs? Fire destroys an OVH data center; Google launches Mission Critical Services; Qualys data breach related to Accellion; and Chinese hackers target Linux systems with new malware.

Let's see what it's all about.

Fire Destroys an OVH Data Center

This week a fire destroyed one of OVH’s Strasbourg data centers and a portion of another. According to the company, no firefighters, OVH staff, or local government staff were injured in the fire.

Many customers of OVH, the largest native cloud provider in Europe, were complaining on social media sites such as Twitter, stating that their websites were down, affecting their applications hosted at the Eastern France campus. Approximately 3.6 million sites were down due to the fire.

It appears that some did not have backup sites or disaster recovery plans in place. Initial checks on the fiber connections related to the areas affected show that they are still intact. The company hopes to restore services quickly.

As of right now, the fire’s cause is unknown and an investigation has been opened.

Google Launches Mission Critical Services

Google LLC is launching better customer support for its public cloud that they are calling Mission Critical Services. The service is targeted at customers who want to ensure that business-critical apps won’t fail.

According to Google Cloud Customer Experience VP John Lester, some of Google Cloud’s customers’ cloud environments are very demanding. Even a minute of downtime can cost them a loss of revenue in the millions.

It is for businesses like this that Google has developed Mission Critical Services. Specifically, Google is focused on serving companies in the financial services, retail, and telecommunications industries that need to bulletproof their apps in the cloud. Google Cloud’s MCS is one step above its Premium Support service and is more of a consultative service in nature.

Google will partner with the businesses that sign up for MCS through a step-by-step process. It will include onboarding, assessment, and remediation that will bring their application architecture, observability, control, and measurement all into view in what it is calling “Google standard MCS operations mode.” The new service has been nine months in the making, according to Lester.

Qualys Data Breach Related to Accellion

The latest data breach victim is Qualys Inc., a cybersecurity software provider. The Clop ransomware group shared screenshots on their site, supposedly belonging to Qualys.

On Wednesday, the company confirmed that they had been attacked and said that it was a security incident. They further explained that the attack had used a known vulnerability in Accellion software that allowed the hackers to copy data from the system used for customer support.

It did not impact production infrastructures on Qualys’s private or shared platforms. They also say that there was no impact on their code base or customer data on the Qualys Cloud, Qualys Agents, or Scanners.

The company hasn’t shared when the data theft happened but said they applied a hotfix patch on December 22 to their Accellion FTA server to secure it. They also have enhanced security by enabling additional alerts and deploying other patches on their systems.

While they have informed all the impacted customers, they aren’t disclosing the type of stolen data. Although Qualys says the data came from a system for customer support, a BleepingComputer report shows that the Clop ransomware gang published data, including purchase orders, tax documents, invoices, and scanned reports.

Chinese Hackers Target Linux Systems with New Malware

According to research analysts, the new RedXOR backdoor is targeting Linux systems. They are linking it back to the Winnti threat group.

The backdoor’s name is RedXOR for two reasons. The first is due to its data encoding being based on the encryption algorithm XOR. Secondly, they discovered samples of it in Red Hat Enterprise Linux’s old release. This clue enabled them to determine that Linux systems are the target.

How they are compromising systems is still unknown, but compromised credentials, vulnerabilities, and misconfigurations are a few of the exploits in use. According to Avigayil Mechtinger, a security researcher from Intezer, the initial compromise could have used a different endpoint. This means the threat actor moved to a Linux system where the malware was already present.

Security researchers say that 2020 saw a 40-percent increase in new Linux malware families.

That's a Wrap for News You Might've Missed

I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.