What's new this week in the news for MSPs?
Microsoft VMware Solution preview launches; Fresenius Hospital suffers ransomware attack; Microsoft's Github account allegedly Hacked and 500GB stolen; Cisco Webex hit by phishing scam; GoDaddy data breach exposes 28K hosting accounts; and Layoffs.fyi shares job info and layoffs. Let's see what's going on.
Microsoft Launches VMware Solution Preview
Microsoft Corporation announced the preview of its Azure VMware Solution. This service will make it easier and cheaper for its customers to migrate VMware applications to the cloud. Jason Zander, executive vice president for Azure, called the service "an amazing milestone" for both Microsoft and VMware. He says it will help them to "meet our customers where they are today on their cloud journey”.
The new Azure VMware Solution lets customers use the same foundation of VMware as they do in their data centers. It makes it possible for Microsoft's customers and partners to make use of their existing skills and toolsets.
Since it is built on top of the VMware Cloud Foundation, this allows VMware workloads to run on Azure natively. Microsoft has more plans to integrate the service with other Azure services in the future, so this is just the beginning.
Fresenius Hospital Suffers Ransomware Attack
Fresenius SE & Co. KGaA is Europe's largest private hospital operator and has been struck by a ransomware attack. As a result, treatments for COVID-19 patients have been affected in cases where some of its systems have been restricted.
Fresenius, which also holds 40% of the market for kidney dialysis in the US, since COVID-19 patients often require dialysis, was targeted by Snake ransomware.
Snake ransomware was first discovered in January. Once it infiltrates a system, it will remove Volume Shadow Copies and then kill many processes related to SCADA (short for supervisory control and data acquisition) systems. It will also kill processes for virtual machines, industrial control systems, remote management tools, and network management software, among others.
Subsequently, it goes on to encrypt files across every connected device.
The scale of the infection at Fresenius is not known, but systems in the US have been said to be infected. Fresenius itself confirmed the attack in a statement in which it said that it "has detected a computer virus on the company's computers in many areas”.
They have taken the necessary measures to stem the further spread of the attack, and they are continuing business as usual, despite the limitations due to the effects of the attack. They give assurances that their hospital business has not been harmed at all.
Javvad Malik, a security awareness advocate at KnowBe4 Inc., noted that it's even more unfortunate that criminals are attacking and crippling systems belonging to hospitals and other medical facilities during a pandemic. "It's important for organizations to not slow down in their cybersecurity efforts," Malik said.
Microsoft's Github Account Allegedly Hacked and 500GB Stolen
A hacker known as Shiny Hunters contacted BleepingComputer to inform them that he had hacked into the Microsoft GitHub account. According to him, this gave him full access to Microsoft's private repositories and allowed him to steal 500GB of data.
While Shiny Hunters initially planned to sell the information, he is now just leaking it for free.
Based on BleepingComputer's review of the data, it doesn't appear that there is any sensitive or proprietary information in what he stole.
The Twitter account for "Under The Breach" recently tweeted that they believed the data appeared real, but a Microsoft employee, Sam Smith, replied, stating that he thought the leak was fake, as "Msft has a ‘rule’ that GitHub repos must be public within 30 days”.
BleepingComputer is waiting for confirmation from Microsoft on whether the files are real or not.
Cisco Webex Hit by Phishing Scam
Cisco Webex is a video and team collaboration solution. It helps users set up video conferences, webinars, and online meetings, and share their screens with their colleagues and friends. Right now, the platform is facing an influx of new users due to the unusual increase in remote workers caused by the COVID-19 pandemic.
Recently, a convincing series of phishing attacks using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails are making the rounds. The goal is to steal users' account credentials. Phishing emails have already landed in the mailboxes of up to 5,000 targets that use Cisco Webex, according to statistics shared by the email security company Abnormal Security.
The phishing emails appear to come from the Cisco Webex team and warn the targets that they have to reverify their accounts due to SSL certificate errors, and that they are blocked. After this, they are requested to click on an embedded “Log in” hyperlink that lets them sign in to unlock their accounts.
The phishing landing page is a replica of a real Cisco Webex sign-in page and, once the user logs in, their credentials are compromised.
GoDaddy Data Breach Exposes 28K Hosting Accounts
GoDaddy noticed unusual activity on some servers late last month that led to the discovery of a data breach. GoDaddy has reached out to the affected customers, according to their statement. From what is known, an unknown person was able to access GoDaddy hosting accounts using the Secure Shell (SSH) cryptographic network protocol in October. GoDaddy reset the hosting account log-in information for the customers concerned, in order to prevent further access.
A lot of questions remain about the breach. "It's unclear whether GoDaddy's reported incident was because of the reuse of old stolen credentials or from brute force attacks," said Matt Walmsley, Europe, Middle East, and Africa director at cloud-native protection firm Vectra AI Inc. "There have also been recent reports of GoDaddy's support employees being successfully phished, which might be connected. Regardless of how the unauthorized access was gained, it's a sharp reminder that the monitoring of how privileged credentials are used, not just granted, can make the difference between detecting an active attack and being blissfully ignorant to a breach."
Layoffs.fyi Provides List of COVID-19 Layoffs by Startups, and Info on Job Seekers
It appears COVID-19 is resulting in a lot of tech layoffs among startup companies. Layoffs.fyi is a site that gives specific information about very skilled tech people who have been laid off and are available for work.
The site could also help track startups where MSPs have provided services.
That's a Wrap
That's the news for MSPs this week in summary. I hope it has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.
- Phishing response checklist
- Phishing awareness training slides
- Anti-phishing posters
