What's new in the news this week for MSPs? Another week in quarantine and shutdown for many of us. Amazon releases its investigator service for general use, and Microsoft rebrands Office365. Meanwhile, hackers and other breaches predominate. The world is moving ahead, with lots of changes afoot. Let’s see what's going on.
Amazon's Detective Service is Now Available
What is Amazon's Detective Service? It is a service that boosts alert systems through the use of artificial intelligence, statistical analysis, and graph theory. Amazon's launch of the service to the public comes only three months after its launch as a preview.
This new service from Amazon can analyze trillions of events from many data sources, for example, IP traffic and virtual private cloud flow logs, as well as Amazon services such as AWS CloudTrail and AWS GuardDuty. Administrators can then get an interactive view of resources and users, as well as their interactions with each other.
It continuously updates this in real-time as more data becomes available. Amazon's Detective Service gives administrators a more comprehensive way to identify the cause of any malicious activity.
Microsoft Corporation Rebrands Office 365
On April 21st, Office 365 becomes Microsoft 365, Microsoft announced this week. What’s more, the newly branded product it is updating to include a bevy of artificial intelligence features.
At the top of the pile, we find updates to Word. The AI tool that is part of the editor will now help rephrase sentences to improve readability, in addition to its grammatical features.
Their longer-term plans for the AI assistant go far beyond the Word interface. It will be present in many of the online versions of their applications, including Outlook and the free outlook.com service. It will also have an extension for the Chrome and Edge browsers.
The Powerpoint assistant is a "Presenter Coach" that will help to get a presenter's tone of voice across to their audience. It will make recommendations to help them avoid giving a monotonous delivery.
All the applications will have upgrades that are meant not only to improve the apps themselves but also to help change Microsoft Office 365's image. They hope to move from the business office suite persona to one that is very usable in their customers' personal lives.
Data Exposed by SOS Online Backup
The latest news of a company failing to secure its cloud storage concerns the cloud backup provider SOS Online Backup, who allowed 135 million records to become exposed online. Noam Rotem and Ran Locar at vpnMentor are the researchers who made the discovery.
The discovery last November led to the SOS Backup Data database being taken offline on December 19th, after several attempts had been made by the researchers to communicate with the company.
SOS Online Backup brands itself as a secure cloud-based backup provider with award-winning bulletproof backup. Such branding makes this occurrence very ironic. The data exposure is bad for the company's reputation and puts those of its clients that had their data exposed at risk of many types of attacks and fraud.
SOS Online Backup has yet to comment on the incident.
Rise in Fake Zoom Domains Targeting Remote Workers
Researchers at Check Point Software Technology Ltd have observed a rise in the number of fake Zoom domains being registered. To date, they have found 1,700 new domain names containing the word "Zoom" since January, 25% of the registrations having taken place in the last week.
Additionally, they found others offering malicious files that purported to be Zoom software. For example, one version of fake Zoom software included the InstallCore application, which installs other possibly unwanted applications on a victim's computer.
"This increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced and are seeing it as an opportunity to deceive, lure and exploit people," said Omer Dembinsky, manager of cyber-research at Check Point.
Microsoft SQL Servers Targeted in “Vollgar” Hacking Attack
A hacking campaign dating back to 2018 is targeting Microsoft SQL servers. It comes with a payload of data-stealing malware and Monero crypto-mining code. Security researchers at Guardicore Labs made the discovery and subsequently reported it.
The malicious "Vollgar" campaign involves hackers using brute-force password hacking to breach targeted MS-SQL hosts. After gaining access, hackers install back doors and execute a range of malicious modules. For example, multifunctional remote access tools and crypto-miners are a part of the package.
Thousands of servers are becoming infected daily, with the victims spread across various industry sectors. Some of these include healthcare, aviation, information technology, telecommunications, and higher education.
Hospitals Targeted by Ryuk Ransomware During Coronavirus Pandemic
Some cybercriminals are discouraging others from refraining from targeting hospitals and other medical providers. Such attacks are continuing during the global coronavirus pandemic. According to a report from BleepingComputer, in the last month Ryuk has targeted ten health organizations. These include two independent hospitals, as well as another healthcare provider with a network of nine hospitals in the US.
Ryuk was initially believed to be North Korean, but a recent investigation found ties to a Russian crime syndicate. The high-profile attacks on Florida cities in June and on the North Carolina water utility in October 2018 were linked to Ryuk. Most recently, it was involved in the attack against Mexican state-owned petroleum company Petróleos Mexicanos and the US Coast Guard.
"Healthcare is the richest target for hackers, who are never going to let the proverbial crisis go to waste," said Colin Bastable, chief executive officer of security awareness training firm Lucy Security AG. Security teams can minimize the risk of successful ransomware attacks through security awareness training.
Data Breach at Marriott Affects Up to 5.2 Million
The personal information of roughly 5.2 million hotel guests was exposed online in January and February 2020, Marriott has reported. They have assured customers that the type of data didn't include Convoy account passwords or PINs, payment card information, passport information, national IDs, or driver's license numbers. They added that they took action as soon as they discovered the leak, including disabling log-in credentials, increasing security monitoring, and informing customers.
They are offering affected guests the option to enroll in the IdentityWorks personal information monitoring service free of charge for one year.
That's a Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Stay healthy and check back next week for more highlights.
- Find out how to prepare your team
- Tips for preparing your customers
- List of essential tools
