What's new this week in the news for MSPs? This week Amazon made the Outposts hybrid cloud service available to GovCloud; the U.S. Defense Department's internal watchdog says there was no interference in JEDI bidding; log-in credentials were stolen in a San Francisco International Airport hack; incoming webhooks in Slack are vulnerable to phishing; and energy giant EDP was hit by a Ragnar Locker ransomware attack. Let's see what's going on.
AWS Makes Outposts Hybrid Cloud Service Available to GovCloud Clients
Amazon Web Services (AWS) has announced that the AWS Outposts service can now connect to its GovCloud regions, so public-sector customers can use the full spectrum of its cloud services to build and run on-premises applications.
AWS Outposts is a hybrid cloud service, first announced in late 2018. The service helps customers extend native AWS or VMware Cloud on AWS to their own data centers, giving them an on-premises version of the AWS cloud. In this way, it's somewhat similar to Microsoft Corp.'s Azure Stack product, which permits its customers to run Azure cloud services in their data centers.
No Interference, Says DOD Watchdog Agency on JEDI Contract
According to the U.S. Defense Department's internal watchdog agency, there was no White House interference in the JEDI contract process. They made the statement after a review of evidence they received, in which procurement personnel state that the White House didn't pressure them.
However, they added that this was not a full investigation, since some DOD officials didn't respond to the questions.
The JEDI, or Joint Enterprise Defense Infrastructure, contract is a cloud computing project to overhaul the Pentagon's technology capabilities, and estimates forecast that it will be worth up to $10 billion over ten years. Last year, the DOD awarded the project to Microsoft, although Amazon had been expected to get it. Since then, Amazon has been in court to fight it out with Microsoft and the DOD.
In the 317-page report, the Pentagon's Office of the Inspector General wrote: "We believe the evidence we received showed that the DoD personnel who evaluated the contract proposals and awarded Microsoft the JEDI Cloud contract were not pressured regarding their decision on the award of the contract." AWS appears unimpressed with the report, commenting that it "doesn't tell us much".
San Francisco International Airport Hacked
Last month, San Francisco International Airport (SFO) was hacked, which resulted in the theft of log-in credentials such as usernames and passwords. Since SFO hasn't made any reference to their being encrypted, it's assumed they were plain text.
"The attackers inserted malicious computer code on these websites to steal some users' login credentials. Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO," according to the notice posted on April 7th.
James Carder, a vice president with the security intelligence firm LogRhythm Inc., notes, "While the initial access or exploit point leveraged by the attacker to steal credentials and upload malicious code hasn't been disclosed, one can assume that the attacker leveraged a known vulnerability in these websites specifically."
Businesses need to be aware that attackers study people's habits and know that users routinely reuse passwords across different websites. Attackers take stolen credentials and try them against higher-value sites like banks. People need to be schooled on the dangers of reusing passwords on multiple websites.
Even more importantly, individuals and companies must enable multi-factor authentication wherever possible, using a code that is sent by text or generated by an application on a smartphone. In this way, even if a hacker obtains passwords, they will still be unable to access an account without that additional authentication factor.
Incoming Webhooks in Slack Vulnerable to Phishing
AT&T Alien Labs security researchers found a vulnerability in Slack that can be used to phish users of the application. Incoming Webhooks are designed as a simple way to post messages from apps into Slack: each one offers a unique URL to which an app can send a JSON payload with a message text and some options.
Webhooks make it easy to post data to Slack. Although they are promoted as a secure service, security researchers have detected that this is "not entirely true". Even though webhook URLs are supposed to be confidential and secure, researchers found 130,989 public code listings with Slack webhook URLs, and the majority of them contained the unique webhook value.
With these public URLs, webhook phishing through Slack apps is possible.
They suggested that Slack can implement changes to prevent this from occurring by adopting a least-privilege policy for incoming webhooks, improving awareness of secret-handling, and implementing application verification. In response to the report, Slack stated that it's proactively scraping GitHub for publicly exposed webhooks and invalidating them.
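A defender can apply the same check to their own repositories before pushing. The scanner below is an added example, not code from AT&T Alien Labs, Slack, or this article; it assumes the `https://hooks.slack.com/services/T.../B.../<token>` URL shape, and the sample files and webhook values are constructed placeholders.

```python
import re

# Assumed incoming-webhook URL shape:
# https://hooks.slack.com/services/T<workspace>/B<hook>/<secret token>
WEBHOOK_RE = re.compile(
    r"https://hooks\.slack\.com/services/(T[A-Z0-9]+)/(B[A-Z0-9]+)/([A-Za-z0-9]+)"
)

def redact(match):
    """Keep workspace and hook IDs for triage; mask all but 4 chars of the token."""
    team, hook, token = match.groups()
    masked = token[:4] + "*" * (len(token) - 4)
    return f"https://hooks.slack.com/services/{team}/{hook}/{masked}"

def scan_text(path, text):
    """Return one finding per webhook URL occurrence in a file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in WEBHOOK_RE.finditer(line):
            findings.append({"path": path, "line": lineno, "url": redact(m),
                             "hook_id": f"{m.group(1)}/{m.group(2)}"})
    return findings

def scan_files(files):
    """Scan {path: text}; group by hook so each exposed hook is revoked once."""
    by_hook = {}
    for path, text in files.items():
        for finding in scan_text(path, text):
            by_hook.setdefault(finding["hook_id"], []).append(finding)
    return by_hook

# Constructed sample repository contents (placeholder webhook, not a real one).
FAKE = "https://hooks.slack.com/services/T00000000/B00000000/EXAMPLEexampleEXAMPLE000"
SAMPLE_FILES = {
    "deploy/notify.sh": f"curl -X POST -d '{{\"text\":\"done\"}}' {FAKE}\n",
    "config/settings.py": f'DEBUG = False\nSLACK_HOOK = "{FAKE}"\n'
                          'DOCS = "https://api.slack.com/messaging/webhooks"\n',
    "README.md": "Set SLACK_HOOK in the environment; never commit it.\n",
}

if __name__ == "__main__":
    for hook, hits in scan_files(SAMPLE_FILES).items():
        print(f"{hook}: {len(hits)} exposure(s); revoke and reissue this webhook")
        for h in hits:
            print(f"  {h['path']}:{h['line']}  {h['url']}")
```

Findings are reported with the token masked so the scanner's own output does not become another place the secret leaks.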
Ragnar Locker Ransomware Attack on Energy Firm EDP
Portuguese multinational energy giant Energias de Portugal (EDP) has been hit by attackers using the Ragnar Locker ransomware. The attackers have encrypted the company's systems and are asking for a 1,580-BTC ransom ($10.9M or €9.9M).
The Ragnar Locker ransomware operators say they have obtained 10 TB of sensitive company files from the attack, which they are now threatening to divulge unless the company pays.
When the link is clicked on from a post on the compromised site, it leads to a database export. The stolen information includes EDP employees' log-in names, passwords, accounts, URLs, and notes.
The ransom note on the EDP encrypted system states that the attackers were able to steal confidential information on billing, contracts, transactions, clients, and partners.
EDP says they are currently assessing the situation and have teams working expeditiously to restore the normal functioning of their systems.
Additionally, they are working with the authorities to identify the origin and anatomy of the attack.
That's a Wrap
That's the week in summary. I hope this has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.