What’s new this week in the news for MSPs? Google launches data analyzer BigQuery Omni; Assured Workloads for Government by Google Started; Confidential VMs Available from Google; GoldenHelper malware in official Chinese tax software; AgeLocker ransomware discovered to use Google encryption tool; and Collabera hit in Maze ransomware attack.
Let’s see what it’s all about.
Google Launches Data Analyzer BigQuery Omni
Google LLC has made available its new service called BigQuery Omni, as they announced this week. It brings Google’s BigQuery data warehouse and analytics tool capabilities to additional cloud platforms like AWS, and it will be coming soon for Microsoft Azure.
Google BigQuery is a fully managed serverless data warehouse that allows rapid Structured Query Language queries that include interactive analysis of massive datasets.
BigQuery Omni addresses the problem that companies using multiple public clouds face in analyzing their data effectively.
Assured Workloads for Government by Google Started
Compliance and security around data locality and access are critical factors for government users in cloud technologies, as Google Cloud product managers Christopher Johnson and Bhavna Batra recently discussed in a blog post.
Assured Workloads for Government, a new tier of cloud computing for government agencies, was developed to solve this problem and is now available in private beta.
The new service was announced at Google Cloud Next OnAir online conference, which runs for nine weeks until September 8th.
Assured Workloads for Government provides access to Google’s full suite of cloud services, using enhanced features to ensure they meet the government’s highest compliance and security standards.
Confidential VMs Available From Google
The Confidential VMs product was detailed at the Google Cloud Next OnAir online conference and is now available in beta test mode. Google’s Confidential Computing portfolio of services is new tech that maintains data in an encrypted state while being processed in memory. That means it isn’t exposed to other parts of the computer system at that time, and Confidential VMs is the first product in this new portfolio.
Google’s Confidential VMs product is based in part on its work with the Confidential Computing Consortium.
Google is saying Confidential VMs will ensure that data remains encrypted no matter whetherit’s being used for analytics workloads, queries, or for training artificial intelligence models. The new VMs are a boon for any company using sensitive data. Still, Google believes that they will be of particular interest to clients in regulated sectors, like finance, for example.
GoldenHelper Malware in Official Chinese Tax Software
Golden Tax invoicing software, part of the Chinese government’s Golden Tax project, is coming with an extra payload, according to Trustwave SpiderLabs, which is a new backdoor called GoldenHelper. Before this, Trustwave discovered the GoldenSpy backdoor concealed in the Intelligent Tax application that businesses need for Chinese bank connections.
While the GoldenHelper backdoor differs entirely from GoldenSpy, the delivery process is similar. The backdoor is also used to get access to the systems of international businesses in China.
Researches have found that the GoldenHelper campaign whichcirculated the malware had been in operation from January 2018 to July 2019. In April 2020, the GoldenSpy campaign followed.
“GoldenHelper malware utilizes sophisticated techniques to hide its delivery, presence, and activity,” Trustwave explained.
GoldenHelper has multiple suspicious features, which include:
- Installing or upgrading to system-level access (UAC bypass) doesn’t need the user’s permission
- Filenames are created randomly(obfuscation)
- It uses a timestamp for “Last write” and “Creation” (timestamping)
Using .jpg, .gif, .zip bogus filenames, it tries to download executable files (obfuscation) - Management of locations of what to download and where to put it is based on DNS resolution (DNS control), where the malware uses hardcoded logic
The security threat posed remains, because it can’t be determined if it’s still operational, even if the GoldenHelper campaign isn’t active anymore.
AgeLocker Ransomware Discovered to Use Google Encryption Tool
The Age encryption tool created by a Google employee is being used by a new and targeted ransomware named AgeLocker to encrypt victims’ files. A consultant recently created a topic in online forums about new ransomware used in an attack against their client. When they reviewed the encrypted files, they found that a text header was added to each file that starts with the URL “age-encryption.org”.
The URL takes you to a repository on GitHub for an encryption utility called Age, created by Filippo Valsorda, cryptographer and Go security lead at Google.
The threat actors behind AgeLocker are using the Age command-line tool to encrypt a victim’s files, instead of encryption algorithms like AES+RSA.
While it hasn’t been determined how the threat actors are getting access to their victims’ computers, once they do, they use the Age encryption tool to encrypt the victim’s files. A custom extension created with the victim’s initials is appended to each encrypted filename while encrypting the data.
Threat actors ask for seven bitcoins, the equivalent of approximately $64,500, to decrypt the files.
Collabera Hit in Maze Ransomware Attack
A Maze ransomware attack against IT staffing firm Collabera was successfully launched by cyber attackers, according to The Register.
In the attack, the hackers used Maze to access Collabera employees’ names, addresses and other personal information, and infect its systems.
Collabera identified the malware on its network on June 8th and restored access to its backup files while investigating the nature and extent of the incident.
In response to the attack, Collabera is offering two years of Experian credit and identity monitoring services to its staff. It has also advised employees to review their bank, credit card, and other financial statements and report any suspicious transactions or fraudulent activities.
Maze infects a system, encrypts its files and demands a ransom to recover the files, according to cybersecurity company McAfee. What’s more, if a Maze victim does not make the payment, the cyber-attackers will release the victim’s stolen information.
Learn about common ransomware attack scenarios and what to do if one of these attacks affects your clients:
Further reading Ransomware Attack Scenarios
That’s a Wrap
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.
Read our free guide to learn about:
- Common MSP vulnerabilities;
- How to prepare for a ransomware attack to keep your clients safe;
- Which actions response to a ransomware attack should involve;
- How to manage clients while handling an attack.