
News You Might’ve Missed. 15 – 18 Feb

What's new this week in the news for MSPs? Data security in Power BI business intelligence apps gets enhancements at Microsoft; the Microsoft Azure Firewall Premium public preview is out; DoppelPaymer ransomware allegedly strikes Kia Motors America; a Clop ransomware attack steals files at the Jones Day law firm; and the Centreon IT monitoring software tool is exploited by Sandworm hackers. Let's see what it's all about.

Data Security in Power BI Business Intelligence Apps Gets a Boost at Microsoft

Due to the pandemic, more firms are shifting to the cloud, and working remotely is more than ever the norm. On Wednesday, Microsoft revealed new security features for its Power BI product to help companies keep sensitive information private.

The latest enhancements for Power BI in Microsoft Azure will ensure that data is secure when employees use cloud data throughout the business. There is no danger of its being leaked, regardless of where employees are located. The enhancements also ensure the information is appropriately protected and governed.

Business employees use Power BI to take raw data such as sales figures and convert it into graphs and other visualizations that help give a clearer picture of business performance. The new premium features include network isolation, service tags, and private links that will allow Power BI to offer secure access in the Azure cloud through private endpoints.

Microsoft Azure Firewall Premium Public Preview Out

According to Microsoft, firms with extremely sensitive environments can now take advantage of Microsoft's Azure Firewall Premium, as a preview is now available to the public.

In addition to the Azure Firewall Standard features, Azure Firewall Premium will provide TLS inspection, IDPS, URL filtering, and web categories. It will also employ the global resource Firewall Policy, which manages firewalls centrally using Azure Firewall Manager.

Azure customers will still be able to use Firewall Rules (Classic), and all of the Azure Firewall Standard features as well.

An Azure subscription and a free account are required to deploy and configure Azure Firewall Premium Preview. Additionally, Microsoft is offering a template that is necessary to complete testing of the Azure Firewall Premium environment.

DoppelPaymer Ransomware Strikes Kia Motors America

This week Kia Motors acknowledged a mass system outage, with a $20 million ransom demand. The ransom note was first revealed by BleepingComputer and said the attack was on the parent company, and the disruption had a significant influence on Kia’s apps. The note also stated that any delay in payment might increase the ransom to $30 million.

So far Kia Motors America is denying that the outage they are facing is due to a ransomware attack. In a statement to Drive, they said, "At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a 'ransomware' attack."

Security experts say these types of attacks are often spread through phishing emails. Businesses should train employees to identify and report suspected phishing emails that may be a method of initiating an attack.

Learn the best practices for responding to ransomware attacks in our article: Designing a Ransomware Response Plan

Clop Ransomware Attack Steals Files at Jones Day Law Firm

Files stolen from the Jones Day law firm have been published on the Dark Web by the Clop ransomware group. According to an anonymous source, the attack was financially motivated.

News and screenshots of the stolen Jones Day files were first reported by Databreaches, proving that the Clop ransomware gang has the files. The group told the site that the law firm's files weren't encrypted, only stolen. Jones Day hasn't responded to requests from the ransomware group.

According to a Wall Street Journal report, a compromise of the FTA file-sharing service from Accellion was the point of the attack. It added that it could not only view some files but could also "see the existence of many more files — mammoth in size — also purported to belong to Jones Day." Many companies using the Accellion file transfer service have also been compromised, according to several sources.

Centreon IT Monitoring Software Tool Exploited by Sandworm Hackers

According to France's cybersecurity agency ANSSI, Russian military hackers known as the Sandworm group are behind a three-year-long attack in which they infiltrated several French companies running the Centreon IT monitoring software.

The attack spanned from 2017 to 2020, and it appears to have targeted Centreon IT monitoring systems that remained connected to the Internet. According to ANSSI, a web shell was dropped on several Centreon servers as a backdoor. An antivirus software company also discovered another backdoor.

ANSSI is now advising and pressing both French and international firms to inspect their Centreon installations. They should look for two malware strains, identified as P.A.S. and Exaramel, which serve as signs of a Sandworm attack in the last few years.

That's a Wrap for News You Might've Missed

I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.

The MSP’s Response Guide to a Ransomware Attack

Read our free guide to learn about:

  • Common MSP vulnerabilities;
  • How to prepare for a ransomware attack to keep your clients safe;
  • Which actions a response to a ransomware attack should involve;
  • How to manage clients while handling an attack.