Blog Articles
Read MSP360’s latest news and expert articles about MSP business and technology
News header

News You Might’ve Missed. 7 – 11 Dec

News You Might’ve Missed. 7 – 11 Dec

What's new this week in the news for MSPs? Amazon adds more services to its marketplace; Netgain victim of a ransomware attack; ransomware attack hits leading electronics firm Foxconn; cybersecurity firm FireEye hacked; and NSA advisory says Russian cybercriminals are exploiting vulnerabilities in VMware.

Let's see what it's all about.

Amazon Adds More Services to Its Marketplace

With plans of further expanding the AWS Marketplace, Amazon is calling on its partners to help. This week, AWS revealed many new features for the back end and options that will give third parties opportunities to provide management offers and subscriptions. This will also benefit large enterprises and business customers interested in more significant software installations.
Amazon say they want to turn the cloud platform into a software supply chain outfit.
The goal is to offer a single source for licensed software and now add management and training services.

Netgain Victim of a Ransomware Attack

Netgain, a cloud hosting and information technology services provider, has been struck by a ransomware attack that has obliged the company to take some of its data centers offline.

BleepingComputer says that Netgain first informed its customers about the attack on November 24. On December 4, an email gave an advisory to customers of possible outages or slowdowns related to the cyberattack. Another email to its customers on December 5 said the company was forced to shut down some of its data centers while it remediates and contains the ransomware.
It’s uncertain how many clients have been specifically affected. Netgain is a cloud hosting and IT services provider for financial services and healthcare providers.

Poster Pack
MSP's Ransomware Awareness Poster Pack

4 white-label posters to help you educate your end-users on how not to get hit by ransomware.

New call-to-action

Ransomware Attack Hits Leading Electronics Firm Foxconn

Over the Thanksgiving weekend, the leading electronics firm Foxconn was hit by a ransomware attack at a location in Mexico. The DoppelPaymer gang was responsible for the attack and published files belonging to Foxconn on their ransomware data leak site.
According to sources in the cybersecurity industry, Foxconn was hit by the attack around November 29 at their Foxconn CTBG site in Ciudad Juarez, Mexico.
The ransom note that the cybercriminals left on the Foxconn servers includes a link to Foxconn's victim page on DoppelPaymer's Tor payment site. They are demanding a 1804.0955 BTC ransom, which, at current bitcoin prices is around $34,686,000.
The ransomware gang says they encrypted about 1,200 servers, deleted 20-30 TB of backups, and stole 100 GB of unencrypted files. Foxconn confirmed the attack to BleepingComputer, saying they are slowly bringing their systems back into service.

Cybersecurity Firm FireEye Hacked

It’s suspected that state-sponsored hackers were behind the FireEye attack, in which security testing tools were stolen. Experts describe those behind the cybercriminals as “a nation with top-tier offensive capabilities.” The explicit target of the attack was the FireEye Red Team tools used to test customer security.
The hackers accessed tools used by FireEye to provide diagnostic security services to their customers which are designed to imitate the behavior of threat actors.
Executives at FireEye say they are uncertain what the cybercriminals plan to do with the tools they stole or if they plan to use them at all.

NSA Advisory Says Russian Cybercriminals Are Exploiting Vulnerabilities in VMware

A National Security Agency advisory says that Russian actors exploit vulnerabilities in VMware to access protected data on affected systems. The vulnerabilities are known to affect the following products:

  • Access Connector
  • Identity Manager
  • Identity Manager Connector
  • Workspace One Access

The cyber-actors must have access to a device’s management interface, according to the NSA. Then they can forge security assertion markup language (SAML) credentials that let them request access to protected information.

That's a Wrap for News You Might've Missed

I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.

The MSP’s Response Guide to a Ransomware Attack

Read our free guide to learn about:

  • Common MSP vulnerabilities;
  • How to prepare for a ransomware attack to keep your clients safe;
  • Which actions response to a ransomware attack should involve;
  • How to manage clients while handling an attack.