What's new this week in the news for MSPs? Amazon announces AWS network firewall to block cloud threats; new serverless Database Migration Service from Google; Google launches Cloud Armor Adaptive Protection to prevent DDoS attacks; Egregor ransomware new trick besieges victims' printers with ransom notes; REvil ransomware attacks hosting provider Managed.com; and new Jupyter trojan malware steals usernames and passwords.
Let’s see what it’s all about.
Amazon Announces AWS Network Firewall to Block Cloud Threats
With the aim of increasing its presence in the cybersecurity industry, Amazon announces its AWS Network Firewall. The new entry from Amazon is a managed firewall service meant to protect its customers' cloud infrastructures from malicious traffic.
While all firewalls filter malicious traffic on networks to keep it from reaching applications, Amazon is going beyond the current methods that administrators use to modify filtering, and has added new ways to optimize the AWS Network Firewall. For example, it can stop or allow packets based on their IP addresses, which section of the infrastructure they're going to, and other parameters.
According to Amazon, the firewall has a signature-detection engine that sifts through network traffic, analyzing byte sequences associated with malicious activity patterns. It can also identify hacking campaigns seeking to exploit software vulnerabilities in cloud environments, among others. Brute-force attacks, such as efforts to figure out a database password through repetitive login attempts, will also be detected.
New Serverless Database Migration Service From Google
This week Google announced its Database Migration Service, a new serverless option that simplifies database moves to its public cloud for customers. It begins by importing the contents of SQL deployments that are running in on-premises environments or a competitor's cloud, such as Amazon Web Services or Azure Cloud, into Google's SQL Server database server.
Future plans include the addition of support for PostgreSQL and SQL Server databases.
This tool was created to overcome the tediousness of such moves using traditional methods. The task also comes with many risks due to human error, and Google is hopeful its new Database Migration Service will alleviate some of these.
Google Launches Cloud Armor Adaptive Protection to Prevent DDoS Attacks
This week Google announced a new feature, dubbed Google Cloud Armor Adaptive Protection. The new feature will advance intelligent automation within its cloud network security controls. It is part of Google's Cloud Armor offering, which helps protect services running in Google Cloud, on-premises systems or other clouds from extensive DDoS attacks.
The new feature relies on machine learning to analyze each web service's security signals in order to detect any possible attack. What's more, it can protect against even larger-volume attacks.
It learns what typical application and services traffic looks like and quickly identifies problems when something is wrong. Adaptive Protection will generate an alert automatically when it thinks an attack is active on the network. Additionally, it provides details on why it thinks the traffic it has detected is malicious, as well as rules to mitigate the attack.
Customers will get all the context needed to determine whether they need to stop the potentially malicious traffic without spending hours analyzing traffic logs to triage the ongoing attack first.
Egregor Ransomware New Trick Besieges Victims' Printers With Ransom Notes
Egregor ransomware's new trick to get a victim's attention after an attack is to print ransom notes from all available printers. Cybercriminals know that firms try to keep ransomware attacks out of sight of the public and even employees, as such disclosure can impact their business reputation and stock prices.
The Egregor operation is well known for repeatedly printing ransom notes on all available network and local printers in order to increase awareness of the attack and pressure its victims.
BleepingComputer recently observed this in action after Egregor's attack on retail giant Cencosud. It has determined that it is not the ransomware executable that prints the ransom notes. Instead, the ransomware attackers are thought to utilize a script at the end of an attack that prints out ransom notes on all available printers.
REvil Ransomware Attacks Hosting Provider Managed.com
Managed.com, a managed web hosting provider, has taken all servers offline while struggling to recover from a recent REvil ransomware attack. Last Monday, the company announced that it had suffered an issue affecting the availability of its hosting services and was investigating the matter. On Tuesday, ZDNet confirmed that Managed.com was the target of a ransomware attack. To protect its customers’ data integrity, the company took all its systems offline.
Since the disclosure of the attack, multiple sources have told BleepingComputer that Managed.com was hit by the ransomware operation known as REvil. What's more, the ransomware malefactors have demanded $500 thousand in ransom to provide a decryptor.
At this point, it's not known if they stole unencrypted files before encrypting the devices.
New Jupyter Trojan Malware Steals Usernames and Passwords
A new trojan malware campaign is targeting businesses and higher education. It appears to be an effort to steal usernames, passwords, and other private information and create a permanent backdoor on compromised systems. It was found on the network of an unnamed higher-education provider in the US.
Jupyter arrives disguised in a zipped file and frequently uses Microsoft Word icons and file names that suggest urgent action is required. For example, the files look as if they pertain to essential documents, travel details, or a pay increase. While the operators' motives are unclear at this time, it's thought that cybercriminals may use it for access to networks in future attacks. Subsequently, they may steal sensitive data or sell the logins and backdoor access to other cybercriminals.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.