What's new this week in the news for MSPs? Serverless database migration service goes live from Google; Ubiquiti Networks whistleblower says data breach “catastrophic”; Black Kingdom ransomware group hacked 1.5k Exchange servers, says Microsoft; reports say SolarWinds hackers accessed emails of top DHS officials; and more than $20m in losses after ransomware attack, says CompuCom.
Let's see what it's all about.
Serverless Database Migration Service Goes Live from Google
This week Google made its Database Migration Service live, making it generally available to its customers. The launch comes four months after introducing the new tool in preview. Its main goal is to help companies take their business apps to its public cloud.
With this offering, Google will provide better support to customers seeking to modernize their on-premise workloads. It should make moves to the Google Cloud Platform less stressful for some organizations.
One of the more challenging issues when moving an app to the cloud is shifting the database where it keeps its information. In most cases, admins have to make extensive configuration modifications to the original database environment. Then, they set up a secure connection to transfer the data.
With the Database Migration Service, Google says the process has been streamlined and is considerably faster. Many tasks, such as setting up the connection, are automated through pre-packaged scripts. The approach simplifies some of the configuration setup involved in work such as this.
Beyond expediting the initial configurations, the Database Migration Service assuredly will reduce the amount of time required for data transfers from the source database to Google Cloud.
Ubiquiti Networks Whistleblower Says Data Breach “Catastrophic”
The whistleblower involved in the Ubiquiti Networks data breach says that officials downplayed the incident and that it should be called “catastrophic”. The company, a maker of IoT devices and network equipment, began sending emails to customers regarding a security breach on January 11th.
According to the company, someone gained unauthorized access to Ubiquiti systems, which are cloud-hosted using a third-party provider. The third-party service was storing account information for the ui.com web portal, a device management service for its customers.
According to the third-party vendor, it was likely that personal information was exposed in the breach, including names, salted/hashed password credentials, and email addresses. While Ubiquiti did not elaborate on how many customers were affected, they said that customers were asked to enable 2FA (two-factor authentication) and change their passwords.
After highlighting his concerns, the source spoke to KrebsOnSecurity. He claims that the third-party cloud provider explanation was a bit of smoke and mirrors and that the data breach was massively soft-pedaled to protect the company’s stock value. According to the reports' source, the cybercriminals obtained admin access using credentials stored in, and stolen from, an employee's LastPass account.
Black Kingdom Ransomware Group Hacked 1.5k Exchange Servers, Says Microsoft
Microsoft found web shells spread by Black Kingdom operators on nearly 1,500 Exchange servers vulnerable to ProxyLogon attacks. Not all of the web shells found had progressed to the ransomware phase, according to Microsoft's 365 Defender Intelligence Team.
BleepingComputer analyzed Black Kingdom ransomware and found that the malware created a ransom note demanding bitcoins to the value of $10,000 for a decryption key. The note warns victims that their data was stolen before their devices were encrypted, and says the operators will spread the data publicly if the ransom is not paid.
In some instances, Microsoft saw that a ransom note was created even though the device was not encrypted. Microsoft isn't sure whether this was merely a failed encryption or whether the operators were stealing data to ransom.
Black Kingdom is the second confirmed ransomware operator targeting unpatched Microsoft Exchange servers vulnerable to ProxyLogon exploits.
Reports Say SolarWinds Hackers Accessed Emails of Top DHS Officials
The US Department of Homeland Security is the latest confirmed victim of the well-known SolarWinds Worldwide LLC hack. Email accounts of the then-head of DHS and staff were compromised.
Besides FireEye and Cisco, other known victims of the attack are the Treasury, the US Commerce Department, the National Finance Center, the State Department, the National Institutes of Health, the US Energy Department, and the Nuclear Security Administration.
Experts say we may never fully know how many government entities and companies have been affected by the SolarWinds hack. Last month it was approximately 18,000, but that number is climbing.
More Than $20m in Losses After Ransomware Attack, Says CompuCom
The American managed services provider CompuCom says it anticipates over $20 million in losses after the DarkSide ransomware attack that disabled most of its systems.
The overwhelming majority of the expenditures will be devoted to restoring impacted services and systems and addressing specific attack issues. However, CompuCom anticipates that some costs incurred after the attack will be covered by cyber-insurance.
The MSP expects to have service delivery restored to all of its customers by the end of March, it says. According to the company's FAQ, the cybercriminals deployed a Cobalt Strike backdoor that let them spread further to other network devices. The data was stolen on February 28th.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.