What's new this week in the news for MSPs?
AWS Launches Kendra; New Office 365 Feature Blocks Email Storms; Amazon Now Calls JEDI Microsoft Contract Fatally Flawed; Google Cloud VMware Engine Rolled Out; Texas Courts Hit by Ransomware; Thunderbolt Exploit Gives Hackers Access to Locked PCs; Ramsay Malware Steals Files from Secured Air-Gapped Computers; and Microsoft Warning on COVID-19 Phishing Malware. Let's see what's going on.
AWS Launches Kendra Search Platform
Amazon Web Services, Inc. announced the launch and availability of Amazon Kendra, a managed search program for enterprises that will help their employees navigate internal data repositories. AWS first previewed Kendra at their re:Invent conference last December.
Kendra employs a search bar where employees can input natural-language queries to locate the data needed for their work. On the occasion of this announcement, AWS also revealed the expansion of the number of systems it can sort through when compiling search results. Kendra now provides connectors for Salesforce, ServiceNow, and Microsoft Corp.'s OneDrive cloud storage service.
AWS has also improved the platform's vocabulary by adding domain-specific terms across eight new industries, including HR, legal, media, automotive, and health, along with entertainment, news, telecommunications, and travel and leisure.
Most of AWS’s competitors offer their own managed search platforms.
Microsoft Launches New Office 365 Feature to Block Email Storms
A new feature in Office 365 has just been rolled out by Microsoft Corp. This feature is designed to block the email storms that occur when users hit “reply all” to large email distribution lists.
The Reply All Storm Protection feature was explained by the Exchange team in a blog post last week. It will mostly benefit large organizations that have extensive distribution lists.
When the feature detects that an email storm is taking place, it blocks subsequent attempts to “reply all” to the thread and returns a non-delivery receipt to the sender.
Amazon Now Calls JEDI Microsoft Contract Fatally Flawed
Amazon Web Services, Inc. has stepped up its protest over the Joint Enterprise Defense Infrastructure (JEDI) cloud contract award with an increasingly sharp war of words and legal maneuvers. Most recently, it has asked the U.S. Department of Defense for more clarity around the corrective action the department has proposed taking. It also filed a second, concurrent bid protest directly with the Department of Defense on Monday.
While the objection hasn't been declared publicly, in a new blog post, Amazon.com, Inc.'s communications chief said the award is "fatally flawed on all six of the technical evaluation factors."
Amazon's protest is in response to a federal court judge's decision to grant the DOD a 120-day remand to "reconsider the aspects of the procurement challenged in Amazon's protest of the JEDI contract." However, the judge only included a single evaluation factor, whereas Amazon is saying that all of the evaluation factors need to be reviewed.
Google Cloud VMware Engine Rolled Out
The Google Cloud VMware Engine service is finally available. Google LLC announced the rollout this week. It will make it simple for customers to run their on-site VMware applications on the company's public cloud infrastructure.
In a recent blog post introducing the service, Google Cloud general manager June Yang stated that VMware is the foundation of a number of its customers' information technology environments. She added that many of them were waiting to move their workloads to the cloud, where additional resources can easily be added to their existing infrastructure.
Since this service is entirely managed, customers won't need to worry about the operational burden of running VMware apps on Google Cloud.
Ransomware Attack Targets Texas Courts
Late last week, websites belonging to Texas courts were shut down in response to a ransomware attack. On Monday, the Office of Court Administration for Texas released a statement to the effect that the ransomware attack had been detected on Friday, May 8. They described the attack as having occurred in the "overnight hours".
According to Law.com, the Texas Supreme Court is among the Texas court sites affected by the ransomware attack. The court has shifted to releasing orders and opinions on Twitter until its website is restored.
Thunderbolt Exploit Allows Hackers to Break into Locked Computers
PCs using a Thunderbolt port made before 2019 are at risk. An unpatchable exploit affecting these devices allows hackers to break into locked machines. The exploit, called Thunderspy, was publicly detailed on Sunday.
According to the information released, it affects all Windows and Linux computers with Thunderbolt ports that were made before 2019. It also poses a risk, although a much more limited one, to Apple Inc.'s Macs.
The attack uses an SPI programmer, a small device for configuring chips such as flash drives, to manipulate a Thunderbolt connector's controller chip and disable its security features.
Since Thunderspy requires physical access to a machine, as well as a considerable amount of technical know-how, it is unlikely to pose a risk to the vast majority of users.
Learn about common ransomware attack scenarios and what to do if one of these attacks affects your clients:
Further reading: Ransomware Attack Scenarios
Ramsay Malware Steals Files from Secured Air-Gapped Computers
Researchers have discovered a few samples of a new type of malware that they have named Ramsay. It can take private files from systems isolated from the Internet, and there are already a few known victims to date.
It gets on a victim's computer through an infected RTF file and then scans network and removable drive shares for PDF files, Word documents, and ZIP archives. ESET malware researcher Ignacio Sanmillan believes there is sufficient evidence to show that the Ramsay framework is still being developed and that the delivery vectors are yet to be refined.
Ramsay's primary purpose is to take files from a compromised host.
All variants reviewed by ESET collect all Microsoft Word documents on the target computer; newer ones will also search for PDF files and ZIP archives on network drives and removable drives.
ESET researchers believe that the malefactor behind Ramsay has knowledge of the victim's environment and is developing attack vectors that would preserve resources.
Microsoft Warning on COVID-19 Phishing Malware
Microsoft has found a new COVID-19-themed phishing campaign. The LokiBot information-stealing trojan, which uses economic concerns to target its victims, was detected using machine learning algorithms from Microsoft Threat Protection.
Check our anti-phishing guide to learn more about phishing and how to stay protected.
After infecting a system, LokiBot will steal saved log-in credentials from a variety of browsers, mail, FTP, and terminal programs. It then sends them back to the attackers' servers, where they can later be retrieved.
According to Microsoft, the new phishing campaigns use COVID-19 lures to trick recipients into opening infected attachments. Two of the sample emails seen use ARJ files with executables disguised as PDFs. Some anti-malware scanners skip these types of files.
Microsoft customers using Windows Defender and Office 365 are protected automatically.
That's a Wrap
That's the news in summary for MSPs this week. I hope it has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next week for more highlights.