
News You Might’ve Missed. 15 – 18 Mar

What's new this week in the news for MSPs? Azure made more resilient with more zones by Microsoft; network security devices are the target of a new botnet; SolarWinds hackers stole source code, says Mimecast; and the FBI says Pysa ransomware attacks on education are increasing.

Let's see what it's all about.

Azure Made More Resilient with More Zones by Microsoft

Microsoft says it is launching availability zones that will give Azure customers more outage protection, and it is maintaining cloud data centers in all the regions. The rollout was detailed in a post on the Microsoft Azure site this week.

Azure is powered by data centers distributed across many locations around the world. Adding availability zones in regions where they aren't yet available reduces the risk of application outages for customers, who might otherwise be using unnecessary additional hardware to withstand technical challenges.

To keep connection latency under 2ms, Microsoft places each data center close to another, but still at a distance. This allows synchronous replication, which continually syncs information between standby copies of applications running in different data centers.

Similar capabilities are being offered by Microsoft's top rivals, AWS and Google, on their cloud platforms. Moreover, all the companies let their customers distribute backups of their workloads over many regions, thus providing even more robust outage protections.

Network Security Devices are the Target of a New Botnet

The makers of a new botnet are targeting devices affected by critical vulnerabilities, some of which affect network security devices. The attacks are still ongoing and use publicly available exploits. The operators have used at least ten vulnerabilities so far, and they added the most recent variant last weekend.

On successfully compromised devices, the attackers install Mirai botnet malware specific to the device's architecture.

Palo Alto Networks' Unit 42 reports that attacks by this botnet began in mid-February and has been tracking its activity since. Integrating the ten vulnerabilities into the botnet took its operators about a month.

According to the Unit 42 security researchers, three of the vulnerabilities that the attackers exploit remain unidentified, since their targets are not yet known.

Once the botnet operators have compromised a device, they drop various binaries onto it. These allow them to create filter rules, run brute-force attacks, schedule jobs, or propagate the botnet malware.

IT Security Assessment Checklist

Assess vulnerabilities and threats, network security, workspace and equipment security, documentation, and more. The pack includes:

  • a ready-to-print PDF file
  • an Excel file to help create a customizable assessment resource

SolarWinds Hackers Stole Source Code, Says Mimecast

Mimecast has confirmed this week that the state-sponsored hackers that breached SolarWinds’ network earlier this year downloaded source code from several repositories.

These hackers used the Sunburst backdoor to breach the network. The SolarWinds hackers spread this malware to approximately 18,000 customers through a compromised software update for the SolarWinds Orion IT monitoring platform.

Mimecast added that the threat actor accessed and downloaded a small number of source code repositories. The company believes the code obtained by the hackers is incomplete and will not permit them to develop a working version of the Mimecast service.

FBI Says Pysa Ransomware Attacks on Education Increasing

Pysa ransomware attacks against educational organizations are on the rise, according to the FBI, which has warned system administrators about the increased activity by the ransomware operators.

DHS-CISA and the FBI coordinated the alert, which was issued this week. The warning contains indicators of compromise that will help protect institutions against the ransomware gang's malicious actions.

The FBI became aware of escalating Pysa ransomware attacks against US and foreign government organizations, private companies, educational institutions, and the healthcare sector, beginning in March 2020.

Giving in to ransomware operators' demands will encourage them to target further potential victims and will likely fund future attacks. For this reason, the FBI recommends that victims do not pay Pysa's ransoms.

That's a Wrap for News You Might've Missed

I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.
