{"id":43323,"date":"2020-08-14T17:18:40","date_gmt":"2020-08-14T13:18:40","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=43323"},"modified":"2020-12-10T14:21:10","modified_gmt":"2020-12-10T10:21:10","slug":"news-you-mightve-missed-10-14-august","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/news-you-mightve-missed-10-14-august\/","title":{"rendered":"News You Might’ve Missed. 10 – 14 August"},"content":{"rendered":"

What's new this week in the news for MSPs?<\/p>\n

Pentagon asks for more time on the JEDI contract; SANS Institute data breach; Agent Tesla upgraded to steal passwords; Dharma ransomware being exploited by hackers in attacks; and Microsoft allowing Office 365 admins to manage phishing simulations. Let's see what it's all about.<\/p>\n

<\/p>\n

Pentagon Asks for More Time on the Jedi Contract<\/h2>\n

The US Department of Defense has been reviewing the award of a contract to Microsoft Corp. It has requested a thirty-day extension<\/a> before it gives its final decision.<\/p>\n

The Joint Enterprise Defense Infrastructure (JEDI) project entails an infrastructure for cloud computing for the Pentagon. This project will create a link between many military systems and put them under an individual, unified architecture. According to the Department of Defense (DOD), artificial intelligence projects under JEDI will move ahead to the next level.<\/p>\n

The award of JEDI to Microsoft Corp. ahead of a bid by Amazon Web Services, Inc. that experts say was the favorite, has been a matter of controversy.<\/p>\n

Amazon and Microsoft have been at loggerheads since the award. Last May, Drew Herdener, VP for AWS, commented that the award decision was \"fatally flawed on all six of the technical evaluation factors.\" Frank Shaw, Microsoft's corporate VP of communications, responded, claiming<\/a> Amazon was \"trying to bog down JEDI in complaints, litigation and other delays\" to overcome its failed bid.<\/p>\n

Sans Institute Data Breach<\/h2>\n

The SANS Institute, a cybersecurity training and certification firm, confirmed in a statement<\/a> this week that it had suffered a data breach. According to the announcement, the hackers took the records of approximately 28,000 clients. The breach began from a phishing attack on an employee which contained an infected Office 365 attachment.<\/p>\n

In its statement, SANS revealed that it had detected the breach on August 6th. It then \"quickly stopped any further release of information\" from the compromised account. The email account was forwarding the data to a suspicious external email address.<\/p>\n

The company suggested that there was no evidence that it was a targeted attack.<\/p>\n

Tim Wade at Vectra AI, Inc., a threat detection and response firm, said in a comment to SiliconANGLE, \"The real hallmark of modern security is about resilience to attacks \u2013 the capacity to perform timely detection and response before material damage is done even after preventative controls have failed.\"<\/p>\n

Ilia Kolochenko, from ImmuniWeb, also noted, \"Attackers will now gradually focus their attention on cybersecurity companies and organizations to get their clients' privileged information or credentials.\" He also offered praise for the SANS Institute's response to the incident.<\/p>\n

Agent Tesla Upgraded to Steal Passwords<\/h2>\n

Agent Tesla, an information-scraping trojan, has new variants that have modules aimed at stealing credentials from applications. Some of the apps include VPN software, web browsers, and also FTP and email applications.<\/p>\n

\u00a0<\/a>\"CTA\"<\/a><\/span><\/span><\/div>\n

Agent Tesla is a .Net-based trojan with password-stealing and key-logging abilities. It has been active since 2014, according to most experts.<\/p>\n

Currently, the malware is trending among business email compromise (BEC) gangs. They use it to record keystrokes and take screenshots of compromised systems of their victims. Another way it is used is to steal victims\u2019 clipboard contents data, kill anti-malware software and analysis processes, and collect system information.<\/p>\n

According to Jim Walter, a senior threat researcher from Sentinel One, \"The malware can extract credentials from the registry and related configuration or support files.\"<\/p>\n

At present, Agent Tesla seems to be one of the more active malware strains in use in attacks that target both business and home users, according to a list of the top 10 malware variants analyzed by Any.Run.<\/a><\/p>\n

\n
\n
ON-DEMAND WEBINAR<\/div>\n
Ransomware: Prevent or Recover<\/div>\n
Watch the webinar and prepare yourself and your customers with the right approach and the right tools<\/div>\n\"CTA\"<\/a><\/span><\/span>\n<\/div>\n
\"Webinar<\/div>\n<\/div>\n

Dharma Ransomware Being Exploited by Hackers in Attacks<\/h2>\n

Dharma ransomware-as-a-service is trending among cybercriminals<\/a> in attacks on SMBs this year, according to the British cybersecurity company Sophos. The hackers leverage different variants of the Dharma source code that have been offered for sale or dumped online.<\/p>\n

According to Coveware, a ransomware recovery company, 85 percent of attacks are using Dharma against SMBs in 2020. The objective of their attacks was to expose access tools like the remote desktop protocol (RDP).<\/p>\n

Sophos senior threat researcher Sean Gallagher says that Dharma represents \u201cfast-food franchise ransomware.\u201d He further noted that it uses a mass-market, service-based business model, which puts it in this category. Because of this, Dharma has rapidly grown to be one of the world\u2019s most lucrative ransomware families.<\/p>\n

Sophos has these suggestions for SMBs to protect them from Dharma threats:<\/p>\n