We’re excited to introduce MSP360 Managed Backup 7.0, with the new Backup Storage Browser feature, the ability to seamlessly add network shares to the backup plan source directly from the management console, Windows Server restore directly to cloud-based virtual machines, an Overdue status for endpoints on the Computers page, and the ability to authorize computers in a single user flow with a new Authorize group action. Continue reading
News You Might’ve Missed. May 2023
What's new this month in the news for MSPs? Cofense's Q1 Phishing Intelligence report shows a 527% increase in credential phishing; Magecart malware is hitting e-commerce sites again; and more. Continue reading
How Zero Trust Can Help MSPs Anticipate and Mitigate Security Threats
With the rise of sophisticated cyber threats, organizations need to be proactive in ensuring the security of their data and systems. Being reactive is no longer enough, and businesses must take preemptive steps to safeguard their assets. Managed service providers (MSPs) have a crucial role to play in this regard, and one of the most effective ways they can proactively protect their customers' data is by implementing zero trust. Continue reading
How MSPs Can Effectively Educate Customers on Ransomware Prevention
Without a doubt, managed services providers (MSPs) are responsible at some level for educating their customers on one of the biggest threats in today’s threat landscape — ransomware. As experts in the field of cybersecurity, MSPs should be able to properly educate their customers on this growing threat and the tools needed to protect themselves. But how should MSPs go about doing so? Continue reading
How to Scale Seamlessly with MSP360’s Backup Templates Feature
Configuring backup plans on many endpoints can be hard due to the complexity, scale, maintenance, and security challenges that need to be addressed. However, with a centralized backup management solution it’s easy to configure and manage backup plans across all endpoints. Continue reading
The Importance of Proactive Cybersecurity
It’s easy to get too complacent with any security, and nowhere is this truer than cybersecurity. Cyberattacks can occur at almost any time, anywhere, in any quantity. Attackers are often relatively safe from consequences and free to use failed cyberattacks as learning experiences for their next attempts. Continue reading
The Power of Content Marketing for MSPs
With increasing competition in the managed services provider (MSP) industry, you must have a strong marketing strategy to compete effectively. If done successfully, marketing can be the piece that sets you apart from your competitors, especially in a market valued at $267.3 billion. While a good marketing strategy involves many facets, content marketing is one crucial element. Continue reading
News You Might’ve Missed. April 2023
What's new this month in the news for MSPs? Google LLC announces a reorganization to Google Cloud Consulting for professional services offerings; Google is releasing new cybersecurity features for ChromeOS; and more.
Let's see what it's all about.
Google LLC Announces Reorganization of Google Cloud Consulting for Professional Services Offerings
Google LLC is moving its cloud business professional service offerings to a centralized portfolio dubbed Google Cloud Consulting.
This announcement comes after a year in which Google Cloud invested significantly, enabling it to expand its professional services practice, which allows organizations to use Google Cloud products more efficiently and train employees to use them.
Google LLC created the Google Cloud Consulting portfolio to combine services, offerings, and specializations. Google says there are two primary objectives behind launching Google Cloud Consulting.
One reason is to make it easier for businesses to get professional services from Google. With the practice, customers will find detailed descriptions and examples of each service in the catalog. Another reason is to make it easier for partners to work with Google's professional service teams.
Alphabet Inc. says that, at launch, the Google Cloud Consulting portfolio will have more than six professional services, and the offerings will be spread across a few categories.
Another set of Google Cloud Consulting services is focused on assisting businesses in optimizing their cloud environments. For example, a company can work with an organization that verifies whether its cloud services contain vulnerabilities in its security settings.
Training options in the Google Cloud Consulting portfolio equip admins with all the necessary skills to set up and manage Google Cloud environments. Some training offerings are for specializations like building AI apps using Google’s Vertex AI suite of ML tools.
Google Is Releasing New Cybersecurity Features for ChromeOS
A new set of cybersecurity features for ChromeOS will help organizations protect employee devices and sensitive business information from hackers. They debuted the new features at the RSA Conference, held in Las Vegas.
In recent times, Google has added tools to ChromeOS to expand its adoption in enterprise environments by making it simpler to manage and secure.
The Google-developed operating system leverages the Chrome browser as its primary interface, and the education sector uses it widely.
The ChromeOS Data Controls are the main highlight of the new features. Google says it will make it much easier to keep business records and information from being accessed and used without authorization.
Admins can stop users screen-sharing, copying and pasting, or taking screenshots with this tool. ChromeOS Data Controls allows businesses to choose when and how usage restrictions are applied. For example, admins can prohibit copying and pasting when staff use critical business apps. They can also stop users from pasting information into cloud-based storage services that admins haven't approved.
With enhanced settings and ChromeOS Data Controls, Google is making it easier to control privacy. Employees can now turn off the microphone and camera with a single click directly from the operating system’s settings.
Also included in the updated features is a grouping of integrations of external cybersecurity tools. The goal is to simplify ChromeOS computer fleet integrations with those tools.
Organizations can now leverage CrowdStrike Inc.'s Falcon Insight XDR cybersecurity platform for malware monitoring on ChromeOS devices. The platform supports Mac, Windows, and Linux, and admins can monitor ChromeOS machines centrally in a unified console.
Most enterprises use security analytics from cloud-based platforms that help detect indications of a breach. These collect and check data from numerous systems and devices, including ChromeOS machines searching for symptoms that indicate malicious activity. Besides simplifying the process of collecting data from ChromeOS teams, Google has added an integration that will simplify sharing security logs from the OS with Chronicle, its cybersecurity analytics platform.
In addition to user logins and logouts, ChromeOS can share information about remote desktop access requests and USB activity. It can also share the identical data with Palo Alto Network’s Cortex XDR and Crowdstrike’s Falcon LogScale security analytics platforms.
Campaigns Targeting Android, iOS, and Chrome Detailed by Google Researchers
Google LLC's Threat Analysis Group says threat actors are leveraging "zero-day" iOS, Chrome, and Android exploits.
Analysts say the first bit.ly-linked SMS campaign appeared last November, targeting victims in Italy, Kazakhstan, and Malaysia. Before redirecting the targets to genuine websites, the compromised links will send visitors to sites that host the exploits when clicked.
iOS 15.1 and earlier, Chrome, and Android versions earlier than 106 are vulnerable to these exploits. The campaign targeted two common vulnerabilities, exposures, or CVEs. The first leverages a PAC bypass technique patched by Apple in March 2022; another exploits a privilege escalation and sandbox escape flaw in AGXAccelerator that Apple patched in its iOS 15.1 update.
The Android exploit chain targeted victims using devices with an Arm Ltd GPU running versions of Chrome earlier than 106. As with Apple devices, the threat actors targeted known CVEs patched in Chrome 107 and later, with a bug in the Arm privilege escalation that was repaired in August 2022.
In December, security analysts discovered the second campaign, which involved multiple exploits and targeted the current version of the Samsung Internet Browser. Samsung Electronics Ltd installs the browser as standard software on all devices.
Similarly to the first campaign, targeted victims were sent one-time links over SMS, although this campaign focused on targeted users in the UAE. Users clicking on the link were sent to a site that mimicked one created by Variston IT SL, a spyware provider. Google researchers say that the threat actor behind the campaign might be a partner or customer of Variston or in some way working closely with them.
Researchers discovered that the targeted vulnerabilities in the campaign were linked to those patched through 2022 in Chrome. Samsung uses Chrome 102 as the basis for its internet browser. Since the base code isn’t updated, Samsung hasn’t fixed its browser, which has left it susceptible to threats.
Azure Patched Vulnerability Allowed RCE Access
Orca Security Ltd. shared details about a previously unknown Microsoft Azure vulnerability that lets hackers use remote code execution (RCE).
The "Super FabriXss" vulnerability was demonstrated at the BlueHat IL 2023 conference. It was clearly seen how the hackers behind it could escalate in reflected cross-site scripting.
During the demonstration, they showed how the Cluster Type toggle could be accessed by an unverified RCE, with hackers abusing the metrics tab and enabling a specific setting in the dashboard.
Orca warns that the Super FabriXss is a dangerous XXS (cross-site scripting) vulnerability and affects the Azure Service Fabric Explorer. Orca analysts note that remote hackers can run code on Service Fabric containers without authentication.
According to Orca, to exploit Super FabriXss requires two steps. The first step initiates a fetch request that uses an iframe that’s embedded. Then the hackers' code overwrites the existing distribution with a malicious one by taking advantage of the upgrade process. A CMD instruction in the new deployment in its Dockerfile downloads a .bat file from a remote server.
After the .bat gets downloaded, it runs its process, which results in an additional file that contains an encoded reverse shell. The hackers get remote access to the device targeted through the reverse shell. This access gives the hackers control of the cluster node, which is typically the host of the container.
Orca Security provided a report on the issue to Microsoft's Security Response Center before making the information publicly available. Subsequently, Microsoft investigated and assigned the issue CVE-2023-23383 with a Common Vulnerability Scoring System rating of 8.2, meaning a severity of “important.” In its March 2023 Patch Tuesday release, Microsoft released a fix for the vulnerability.
Security Analysts Call New Alienfox Malware Toolkit a Cloud Spammer’s Swiss Army Knife
Security researchers at SentinelLabs recently warned of a new toolset being used to harvest credentials from providers of cloud services. The researchers say the toolset is best described as a cloud hacker’s Swiss Army knife.
Threat actors are using AlienFox to collect API interface keys in addition to secrets from services such as Microsoft Office 365 and Amazon Simple Email Service (SES).
AlienFox is said to be a modular toolset that involves the sharing of source code archives. While researchers note that it’s shared on Telegram, hackers can also get some modules from GitHub. Since many of the tools that are a part of AlienFox are open-source, this means they can be modified and customized to the specific needs of those using them.
Hackers will begin an attack using the AlienFox toolset to harvest lists of misconfigured devices from security scanning providers such as Security Trails and LeakIX. They then use several scripts that extract private information like API keys and secrets stored in configuration files on compromised web servers.
According to security analysts, later versions of the malware toolkit can establish account persistence and privilege escalation on AWS. It can also automate spam campaigns and harvest send quotas through services and its victims’ accounts.
Security researchers say AlienFox’s spread shows a previously unknown trend of attacks against less substantial cloud services that are not suitable for cryptomining, which extends and enables future campaigns.
Mirai Malware Exploiting TP-Link Archer WiFi Router Flaw
Hackers are using the Mirai botnet to exploit the TP-Link Archer A21 (AX1800) WiFi router vulnerability. Tracked as CVE-2023-1389, the vulnerability lets attackers put devices into DDoS swarms.
Researchers first demonstrated the abuse during the Pwn2Own Toronto hacking event in December 2022. During the demo, two independent hacking teams used different pathways to breach the device – WAN and LAN interfaces.
TP-Link was informed about the vulnerability in January 2023 and released a complete fix during a firmware update last month, after previously addressing the problem in February with a patch that didn’t stop the exploits.
Zero Day Initiative detected exploit attempts that initially focused on Eastern Europe before spreading internationally. The source of the vulnerability is the lack of input sanitization in the language settings of the local API, which doesn’t filter or validate the information it receives. This missing protection lets hackers inject commands they can execute on the device.
The command-injection problem in the TP-Link Archer A21 (AX1800) WiFi router exists in the device firmware before version 1.1.4 Build 20230219; this version contains a fix for the flaw. An unverified hacker can use this flaw to exploit this hole and inject commands leading to RCE, letting attackers take control of the system from anywhere.
TP-Link automatically pushed a firmware update to routers attached to a TP-Link Cloud account. Others using the TP-Link Archer A21 (AX1800) WiFi router will need to update the router manually. TP-Link has already issued a notice requesting users to install the firmware update.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next month for more highlights
Cybersecurity Trends in 2024 — Everything You Should Know
As technology evolves at an unprecedented rate, so do the associated threats and cyber risks. Cybersecurity is becoming increasingly important for businesses of all sizes in 2024, and managed services providers (MSPs) must proactively identify and address emerging cybersecurity trends. Continue reading
Save Up to 50% of Storage Space with MSP360 & Forever Forward Backups
It is essential to have a backup system in place to ensure that data is not lost in case of a disaster. Among various backup methods, the Forever Forward Incremental backup is a reliable and efficient way of backing up data. Continue reading
Introducing MSP360 RMM 1.6
We are thrilled to announce the latest enhancements and updates, which aim to provide IT administrators with an even more convenient remote monitoring and management solution. This update includes remarkable upgrades such as Wake-on-LAN, alert customization, enhanced support for Linux and macOS devices, SNMP monitoring updates, and an updated PowerShell tab. Continue reading
Introducing Updated Web-Based Remote Access
We are pleased to inform you that significant enhancements have been made to web-based remote access. The latest update includes some vital features, including clipboard sharing, multi-monitor and remote sound support. Continue reading