During this week there has been a lot going on, from ransomware to new bugs in Windows 7. There’s a lot of essential news you might have missed and now it's time to focus on the important stories for MSPs.
Ransomware: Emsisoft's 2020 Predictions on What It's Going to Cost
According to Emsisoft, ransomware demand costs could be more than $1.4 billion in the US in 2020. In their report, they've based their forecast on the approximately 450,000 incident reports from 2019. Right now, the average ransomware demand is $84,000, and most experts expect 2020 to be worse.
Emsisoft doesn't claim that their estimates are 100% accurate, however, and they accept that they may have either under- or overestimated.
Pulse Secure Hires Alex Thurber, and Partners with SecureWave
Alex Thurber has been named chief revenue officer for Pulse Secure. Thurber has over 20 years of experience in technology industry leadership. This includes spells as SVP and GM for Blackberry, and leadership roles with McAfee.
Earlier this month, Pulse Secure also announced a distribution partnership with SecureWave, an Israeli data-security and IT-infrastructure value-added distributor. Thurber's appointment seems to follow on from that. Pulse Secure is hoping to grow its sales channel across Israel, and SecureWave is a big part of that strategy. SecureWave will help Pulse Secure meet the accelerating demand for its zero-trust security solutions.
Data Breaches Everywhere
With more businesses adopting cloud technologies, breaches have been commented on at the majority of IT events. Here are a few of the data security incidents that have happened recently.
Laptop Theft Results in Healthcare Data Breach
GridWorks is an Oregon-based ride-to-care vendor that experienced a robbery in which a laptop was stolen. The computer contained personally identifiable information (PII) relating to 654,362 members. The stolen database contained names, addresses, phone numbers, and Medicaid ID numbers.
Online Banking Users Targeted by Trojan Malware Campaign
The Metamorfo banking trojan has targeted users of over 20 banks internationally. Targets have included the US, Canada, Peru, Chile, Spain, Brazil, Ecuador, and Mexico. The intended victims received a phishing email that claimed to contain an invoice relating to them, together with an attached zip file.
Infection occurs when a user downloads and runs the file. The malware then monitors the user’s activities, and checks when they attempt to go online for banking activities. It then reports back to the threat originators. The malware mainly affects Windows computers.
Tens of Thousands of Soccer Fans Exposed in Brazilian Leaky Server
Members and loyalty program participants of the Brazilian soccer team Palmeiras were the victims of a leaky S3 bucket in Brazil. The team has over 18 million supporters countrywide. The database contained tens of thousands of names, contact details, dates of birth, marital status, and social security numbers, along with details of the kind of payment used for membership subscriptions.
Doppelpaymer, the New Ransomware Selling Victims’ Information on the Dark Web
Doppelpaymer is a new ransomware player. It steals its victims' files and then encrypts their devices. It threatens to publish or sell the data if the victims don't pay the ransom.
The operators of Doppelpaymer have stated that they have been selling the stolen data for over a year. They intend to publicize this stolen data in order to increase the ransom they receive from it.
SpiceJet Suffers Breach Affecting 1.2 Million Customers
An unnamed researcher breached the systems of SpiceJet to gain unauthorized access to their unencrypted PII data. The systems contain the information of over 1 million passengers. Included in the data were full names, phone numbers, email addresses, and dates of birth.
Three Cybersecurity Bills Blocked Again
Three bipartisan election security bills were again blocked by the Senate, ignoring the anxieties and warnings of the intelligence community. The FBI has warned that interference from foreign entities has already started and will intensify.
FBI Director Christopher Wray has warned that Russian hackers have started an information warfare campaign. This campaign is certain to cause disruption in the November 2020 elections.
Sen. Marsha Blackburn (R-TN) opposed the requests for each bill, countering the federal government’s arguments by invoking states' rights. She accused Democrats of trying to push the laws through, knowing that Republican lawmakers would obstruct them.
Israeli Election App Leaks Voter Information Online
An Israeli election app used by the government's ruling party, Likud, leaked nearly 6.5 million voters' information online. It had been understood that voter information was to be shared between all parties, safeguarded, and then destroyed following the election. However, the app that was used had a bug that made the data available to just about anyone, so that they could download the entire register.
The Haaretz news agency got an anonymous tip-off about the security issue and, having verified the information, carried out an investigation. Up to now, it's not known whether anyone downloaded the data. The register included full names, identity card numbers, genders, and even full addresses, along with phone numbers.
The issue was corrected as soon as it was reported, according to the developer of the application, Feed-b.
MSP Engineer Arrested
An employee of Atlanta-based MSP Chimera Technologies was arrested for allegedly attempting to sell access to client information located on their cloud servers. According to court records, Marquavious D. Britt reportedly wrote as "w0zniak" in a post to Torum, a dark web forum, "I'm selling access to an MSP." He bragged that he had access to their virtual private servers and that their high-profile clients included law offices, accountants, and a pharmaceutical company.
Marquavious D. Britt has been charged with two separate counts of computer fraud after federal agents made a controlled buy from Britt's online alter ego, "w0zniak."
Windows 7 Bug Prevents Users from Shutting Down or Rebooting Computers
ZDNet reports that a bug of unknown origin has hit users of Windows 7, following the end of updates from Microsoft. According to online reports, users are getting a pop-up message that says, "You don't have permission to shut down this computer." The cause remains unknown, and several workarounds have been posted.
Chinese IPs Spear Phishing Office 365 Logins
According to a report from users on Reddit, Chinese IPs are spear phishing Office 365 logins. Specifically, they're replicating custom login pages to attempt logins into accounts from a single Chinese IP. The domain on the landing page shown is wodwt.com, and the corresponding IP, as seen in Azure AD, is 220.127.116.11.
Some of the suggested security measures include blocking Chinese IPs or regions where your company doesn't do business.
That's A Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Check back next week for more highlights.