What's new this week in the news for MSPs?
App2Container tool by Amazon makes its debut; many US websites hit in WastedLocker ransomware attacks; Maze ransomware allegedly strikes Xerox; and, new Thiefquest data wiper using ransomware in its attacks. Let's see what it's all about.
App2Container Tool by Amazon Makes Its Debut
If your company is looking to adopt containers in its cloud strategy, Amazon's new App2Container tool can help. This command-line tool quickly turns your current .NET and Java apps into containerized services without the need for any code changes.
According to AWS, the App2Container tool automates the manual tasks usually needed to containerize an application. All that is required by users is to install it where their target workload is running. The App2Container tool identifies any external dependencies that the workload needs in order to run and packages it all into Docker images to install into the containers.
AWS Launches Aerospace Unit
Teresa Carlson, the vice president of AWS's worldwide public sector business, spoke out in a blog post at the opening of the AWS Public Sector Summit Online. She declared, "What's clear is that when space is made accessible and cost-effective, there is no limit to what can be accomplished."
Amazon has begun a push into the space industry, and the establishment of its Aerospace and Satellite Solutions business unit is an integral part of that. This unit will work with both government and private sector clients on projects like satellite launches. What's more, they are interested in providing services to those involved in human spaceflight support, rocket launches, robotics, and mission control operations, in addition to others.
AWS's existing offering for its space clients is the AWS Ground Station, a network of ground-based antennas for downloading data and sending commands to satellites.
Many US Newspaper Websites Hit in WastedLocker Ransomware Attacks
Newspaper sites owned by the same parent company were hacked by the Evil Corp. group to infect the employees of approximately 30 large US private businesses. They lured the employees using fake software update alerts from the dangerous SocGholish JavaScript-based framework.
These employees' computers appear to be merely an entry point for the attackers into their company's enterprise networks. Some of the organizations targeted may have been infected when a worker browsed the news from one of its sites.
Symantec's Threat Intelligence team of researchers, who discovered the attacks, informed the parent company, so that the sites were notified and the code was cleared.
Maze Ransomware Allegedly Strikes Xerox
Xerox Corporation has been added to the list of victims of Maze ransomware. The company itself hasn't confirmed or denied the attack, but still screenshots from the attacker show at least one Xerox domain as encrypted.
The attacker says they have swiped over 100GB in data and has threatened to expose it online if Xerox doesn't engage with them regarding payment of the ransom. The ransom note says, "After the payment, the data will be removed from our disks and decryptor will be given to you, so you can restore all your files." Ten screenshots were published by Maze that show network shares and directory listings from June 24th and 25th, along with the ransom note.
Exposed remote desktop services from ransomware infections are often leveraged to gain access to domain admin accounts. From this point, they can get into more valuable target hosts on the network.
New Thiefquest Data Wiper Using Ransomware in Its Attacks
There is a new data wiper targeting macOS users, called ThiefQuest. It uses ransomware to disguise itself while it steals their files.
Attacks against the macOS platform, while uncommon, have been launched via ransomware before. FileCoder (aka Findzip), KeRanger, and Patcher are just a few examples.
ThiefQuest was analyzed by Malwarebytes' Director of Mac & Mobile, Thomas Reed, Jamf Principal Security Researcher Patrick Wardle, and BleepingComputer's Lawrence Abrams, after being found by K7 Lab malware researcher Dinesh Devadoss.
ThiefQuest can check if it's running in a virtual machine, and it also features anti-debug capabilities. It looks for standard security tools and anti-malware solutions. It opens up a reverse shell, which it uses for communication with its command-and-control (C2) server, as found by VMRay technical lead Felix Seele.
Wardle explained, "Armed with these capabilities the attacker can maintain full control over an infected host."
Learn about common ransomware attack scenarios and what to do if one of these attacks affects your clients:
Further reading Ransomware Attack Scenarios
That’s a Wrap
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.
Read our free guide to learn about:
- Common MSP vulnerabilities;
- How to prepare for a ransomware attack to keep your clients safe;
- Which actions response to a ransomware attack should involve;
- How to manage clients while handling an attack.