What's New This Week in the News for MSPs? AWS Outposts now includes Amazon S3 storage; Google Cloud set to expand in Europe, the Middle East, and Africa; French shipping conglomerate CMA CGM S.A. hit by Ragnar Locker ransomware; United Health Services hit by ransomware taking them offline; Exorcist 2.0 ransomware pushed by fake software sites; Arthur J. Gallagher insurance group hit by ransomware; and new technique used in phishing campaign targeting corporate Microsoft Office 365 accounts.
Let's see what it's all about.
AWS Outposts Now Includes Amazon S3 Storage
In a recent announcement, Amazon Web Services Inc. said its S3 storage service is now available on its hybrid cloud service, dubbed AWS Outposts.
Amazon announced its AWS Outposts service in December at the AWS re:Invent program. Outposts is a hybrid cloud platform that helps Amazon customers extend their native AWS or VMware cloud to their on-premises data centers. The service is essentially similar to the Azure Stack offer by Microsoft Corp.
Amazon's recent announcement means that its customers can now use the standard Amazon S3 app programming interfaces for storing and retrieving data.
Lower latency and a reduction in data transfers are the primary advantages for users, according to Amazon. Tasks related to filtering, compression, and preprocessing can be done using local data.
Google Cloud Set to Expand in Europe, the Middle East, and Africa
A recent announcement by Google LLC reveals plans for boosting its cloud presence in Europe, the Middle East, and Africa, involving more partnerships, collaborations, and promotions.
Google Cloud's virtual event NextOnAir EMEA has also begun a five-week online summit for clients and developers to converse on the current cloud computing sphere. Google has been working closely with partners to keep EMEA businesses up and running during the COVID-19 pandemic, according to Chris Ciauri, Google Cloud's EMEA president, in a recent blog post. He also explained that Google has already expanded its EMEA presence with the inclusion of new cloud regions in Italy, France, Spain, and Poland.
In addition, he stated that the new Spanish territory based in Madrid is leveraging infrastructure from the telecommunications company Telefonica S.A., to help the progress of 5G over the Google Cloud Edge Computing platform.
New Technique Used in Phishing Campaign Targeting Corporate Microsoft Office 365 Accounts
Corporate Microsoft Office 365 usernames and passwords are the target of a new increase in phishing emails that have hit a wide range of organizations. The recent spate of phishing messages uses captchas as an unusual technique to lull end users into a false sense of security.
The cybercriminals are utilizing a set of captchas to help their campaign. Online services usually use these to ensure security by requiring human input.
Finance, technology, pharmaceuticals, oil manufacturing, government, gas, and hospitality are some of the industries targeted in these campaigns.
Cybersecurity researchers at Menlo Security were the first to discover and report this campaign and say that it involves phishing emails that contain links that direct to a web page posing as a Microsoft Office 365 log-in portal.
It is likely that the attacks are customized to be specific to the selected target. Since people are now accustomed to a captcha page serving as a security check, it could be an attempt to make the fake log-in page appear as more legitimate.
Users are presented with a second-stage captcha with images of bicycles and a third stage that asks users to identify the tiles containing a crosswalk. Only then will they be taken to the fake Office 365 log-in page.
Researchers say that the additional checks help keep automated services from reaching the phishing page and potentially identifying it as malicious. The system provides cyberattackers with a higher chance of stealing the targeted log-in credentials.
As usual, it's recommended that organizations enforce multi-factor authentication. Users should be cautious of opening attachments or links in emails that come from unknown sources.
Learn about the most common types of phishing attacks that occur today, and get the best practices for preventing phishing:
Further reading Guide to Staying Safe from Phishing
United Health Services Hit by Ransomware Taking Them Offline
A leading healthcare organization in the US, United Health Services Inc., has been struck by a ransomware cyberattack that took their systems offline in several states.
The hospital chain has been hit by "what appears to be one of the largest medical cyberattacks in United States history," according to CNBC. The extent of the attack is unclear, but several UHS hospitals had to resort to pen and paper to file patient information.
According to reports, the target was UHS Hospitals in California, which means the organization is obliged to disclose the potential data theft under the California Consumer Privacy Act, and the clock is ticking.
The problem is that perimeter security solutions inevitably fall short against increasingly sophisticated ransomware attacks, according to Sanjay Jagad, senior director of products and solutions at Cloudian Inc.
Exorcist 2.0 Ransomware Pushed by Fake Software Sites
PopCash malvertising redirects users from legitimate sites to a fake software crack site, says security researcher, Nao-Sec. The phony site acts as though it is downloading links to programs that break copyright protection so that commercial software can be used for free.
For example, in one instance, the site pretends to offer a 'Windows 10 Activator 2020' that will allow you to activate Windows 10 for free. The downloaded archive file contains a text file that contains the password for the partner file, another password-protected zip archive. This method allows the download to occur without being detected by Microsoft SmartScreen, Google Safe Browsing, or installed security software, due to the password protection on the file.
If the user runs the setup program, they will find that their files have become encrypted rather than the Windows 10 activator being installed. The encrypted folders include ransom notes containing unique links to a Tor payment site where a victim can get information on how to pay a ransom.
From Excorcist ransom notes seen by BleepingComputer, demands vary and can be as low as $250 or as high as $10,000.
If Exorcist continues with its current fake software cracks to distribute its ransomware, an increase in the number of victims is inevitable.
4 white-label posters to help you educate your end-users on how not to get hit by ransomware.
Arthur J. Gallagher Insurance Group Hit by Ransomware
A ransomware attack was confirmed by the Arthur J Gallagher brokerage and risk management firm. The firm has more than 33,300 employees and operations in 49 countries and is one of the largest insurance brokers internationally.
The ransomware attack was detected on September 26, 2020, with only a limited number of the company's internal systems being affected, according to AJG.
In an 8-K filing with the US Securities and Exchange Commission (SEC), AJG said, "We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers."
Troy Mursch, chief research officer at cybersecurity intelligence firm Bad Packets, suggested that AJG had two F5 BIG-IP servers vulnerable to CVE-2020-5902 before the ransomware cyberattack occurred.
Learn about ransomware protection strategies and get tips on how to protect your and your customers' businesses in this guide:
Further reading How to Protect Against Ransomware
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.
Read our free guide to learn about:
- Common MSP vulnerabilities;
- How to prepare for a ransomware attack to keep your clients safe;
- Which actions response to a ransomware attack should involve;
- How to manage clients while handling an attack.