
News You Might’ve Missed. 18 – 22 May

What's new this week in the news for MSPs?
Google Wins DOD Secure Cloud Management Solution Contract; Google Announces Cloud Next OnAir Event; EasyJet Is Hacked and Loses Nine Million Customer Records; New PipeMon Malware Using Windows Print Processors; NetWalker Ransomware Group Moving to Target Enterprises Only; and Texas Department of Transportation Hit by Ransomware Attack. Let's see what's going on.

Google Wins DOD Secure Cloud Management Solution Contract

Google LLC announced that the US Department of Defense has awarded them a contract to build a secure cloud management solution. According to a report from Axios, the deal is valued at over seven figures. To develop the solution, the department has commissioned Google to work with the cybersecurity startup Netskope, Inc.
The project's overall goal is to help the DOD "detect, protect against, and respond to cyber threats worldwide," Google said in the announcement.
Google's top cloud rivals, AWS and Microsoft, are currently embroiled in a high-profile legal battle over another DOD deal. Their dispute started last year, after Microsoft was awarded the DOD's $10m JEDI project.

Google Announces Cloud Next OnAir Event

If you've been waiting for Google's announcement about its annual cloud event, it's still on. The event is going digital and, in addition to its new date, has a new name and an expanded format that will extend over no fewer than nine weeks.
Beginning on July 14th, Google Cloud Next OnAir will run until Sept 8th, with more than 200 sessions covering a host of topics. Google had initially planned to hold the event in San Francisco in April; however, the coronavirus pandemic forced them to cancel it.
Google Cloud CMO Alison Wagonfeld said that virtual attendees would get access to a Digital Showcase to view cloud offerings. "Immerse yourself in our newest products and solutions in the Digital Showcase. Play games, watch real-world demos, and experience the latest Google Cloud technology," Wagonfeld wrote in a blog post.

EasyJet (UK) Is Hacked and Loses Nine Million Customer Records

Following discussions with the UK Information Commissioner's Office, EasyJet disclosed details regarding the hacking.
In its notice of the cybersecurity incident, easyJet describes the attack as originating from a highly sophisticated source. It also said that the email addresses and travel details of about nine million customers had been accessed. What's more, the credit card details of 2,208 customers were also stolen.
"Since we became aware of the incident, it has become clear that, owing to COVID-19, there is heightened concern about personal data being used for online scams," easyJet Chief Executive Officer Johan Lundgren commented in his statement. "As a result, and on the recommendation of the ICO, we are contacting those customers whose travel information was accessed and we are advising them to be extra vigilant, particularly if they receive unsolicited communications."
Anurag Kahol, CTO at the cloud security firm Bitglass, Inc., commented that, even if it's not clear how the hackers infiltrated easyJet's systems, the company's description of a "highly sophisticated" attack shows that cybercriminals are continually advancing their attack methodologies. "As such, companies must have full visibility and control over their data by implementing tools that detect and remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information," he said.

New PipeMon Malware Using Windows Print Processors

Video game companies are once again victims of the Winnti hacking group. The group uses new malware that researchers have called PipeMon. PipeMon is a piece of modular backdoor malware uncovered earlier this year.
This threat actor is well known for supply-chain attacks and has trojanized software used by millions of users (Asus LiveUpdate, CCleaner) or in the financial sector (NetSarang).
Winnti has been developing its arsenal of malicious agents and carrying out attacks for the past ten years. It continues with its preference for games companies and supply-chain type attacks, as can be seen in its recent activities.


NetWalker Ransomware Group Moving to Target Enterprises Only

As a ransomware-as-a-service (RaaS) operation, NetWalker relies on partners to disseminate the malware. Now, the NetWalker ransomware group is moving away from phishing for malware distribution. It has adopted a network-intrusion model focusing on huge businesses only.
"The collective is selectively choosing the affiliates it collaborates with, creating an exclusive group of top-tier network intruders to execute its new RaaS business model," said Yelisey Boguslavskiy, director of security research at Advanced Intelligence (AdvIntel).


Texas Department of Transportation (TxDOT) Hit by Ransomware Attack

Texas is having a bad month. Less than a week ago, the Texas courts fell victim to a ransomware attack, and now the state's Department of Transportation (TxDOT) has been hit by a similar incident. In a brief announcement on social media, TxDOT said that it detected the attack on Thursday, May 14th. Further investigation revealed that the event was part of a ransomware incident.


Immediate action was taken to isolate affected computers from the network and block further unauthorized access. Executive Director James Bass says that the agency is "working to ensure critical operations continue during this interruption."
There is no information that points to the two incidents being connected in any way. Neither TxDOT nor OCA has said anything about a ransom demand, or files being encrypted or stolen.

That's a Wrap

That's the news in summary for MSPs this week. I hope it has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.
