What's new this week in the news for MSPs?
Microsoft extends Azure Arc's hybrid cloud abilities; Google adds Anaplan's business planning tools to its cloud offerings; US DHS Cybersecurity and Infrastructure Agency issues warning on LokiBot malware; IPG Photonics Corp. hit by ransomware attack; and QNAP NAS devices target of AgeLocker ransomware attacks. Let's see what it's all about.
Microsoft Extends Azure Arc's Hybrid Cloud Abilities
Microsoft Corp. said at its Ignite 2020 virtual conference that it is extending the hybrid cloud abilities of its Azure cloud platform. The new services will simplify running applications and workloads in any environment: across multiple clouds, on-premises data centers, and the network edge.
They also announced a new communications service built on top of Azure that will allow developers to add unified communications abilities, such as chat, video call, and SMS text, to their apps.
Google Adds Anaplan's Business Planning Tools to Its Cloud Offerings
Google is teaming up with Anaplan in a partnership that aims to help its clients benefit from its unique cloud abilities.
Presently, Anaplan sells an enterprise platform used for business planning and marketed under the same name. Centered on an in-memory database and calculation engine called HyperBlock, its platform allows clients to organize and analyze disparate data sets. These sets span various business operations, such as human resources, finance, and sales, among others.
The Excel-style functionality of Anaplan's platform is considered a primary advantage, because it makes the platform more accessible to ordinary business workers. The software includes several modules that help users make data-driven decisions in specific categories, such as demand, quota and workforce planning, budgeting, planning and forecasting, commission calculation, financial consolidation, and profitability modeling.
According to Google, Anaplan stands to gain better performance and more scalability, and benefit from a more secure infrastructure by running its platform on Google Cloud. Additionally, the partnership allows Anaplan to extend its global reach.
US DHS Cybersecurity and Infrastructure Agency Issues Warning on LokiBot Malware
The US Department of Homeland Security's Cybersecurity and Infrastructure Agency issued an advisory on the increased spread of the LokiBot malware, which was developed to steal confidential information.
LokiBot was discovered in 2016, but there has been a massive increase in detections of the malware since July of this year, and this has the authorities concerned. Furthermore, various forms of LokiBot for Android and Windows have been offered as open source on the dark web. These were spotted by CISA's automated intrusion detection system known as “Einstein”.
"Throughout this period, CISA's EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity," CISA said in the advisory.
The trojan functionality found across various versions of LokiBot is designed to steal sensitive information such as passwords, usernames, cryptocurrency wallets, and other credentials. Other functionality can include a keylogger to monitor desktop and browser activity. LokiBot can also create a backdoor that allows cyberattackers to install other payloads.
CISA is advising government agencies and departments and those in the private sector to apply the best cybersecurity practices to strengthen their security postures.
IPG Photonics Corp. Hit by Ransomware Attack
The cyberattack on IPG Photonics Corp. involved the RansomExx strain of ransomware, which is sometimes also dubbed Ransom X and was first reported by BleepingComputer.
RansomExx was initially detected in July, when Konica Minolta Inc., a Japanese technology company, was attacked. It is believed that RansomExx is a newer strain of a previous form of ransomware known as Defray777.
The ransom demand against IPG Photonics, like the Konica Minolta attack, included a message that stated that law enforcement should not be contacted because ransom payments could be blocked. Some suspect that the cybercriminals behind RansomExx and Defray777 are Russian state-sponsored hackers. Nevertheless, the motivation seems to be financial.
"The ransomware attack against IPG Photonics highlights a concerning trend," according to Andrea Carcano, co-founder of operational technology and "Internet of Things" security company Nozomi Networks Inc. "Attackers are demanding higher ransoms and targeting larger and more critical organizations. These threats should be a serious concern for security professionals responsible for keeping not only IT but OT and IoT networks safe."
QNAP NAS Devices Target of AgeLocker Ransomware Attacks
AgeLocker ransomware is targeting QNAP NAS devices. The malware encrypts the device's data and, in some cases, removes files from the victim. AgeLocker uses an encryption algorithm called Age (Actually Good Encryption), which was designed to replace GPG for encrypting files, backups, and streams. AgeLocker, or some other ransomware that uses identical encryption, has been publicly targeting exposed QNAP NAS devices since August 2020 and encrypting their files.
Michael Gillespie has confirmed that AgeLocker activity has picked up from the end of August, and continues to attack QNAP devices everywhere.
The ransomware leaves a ransom note titled “HOW_TO_RESTORE_FILES.txt” when it encrypts files. The message tells the victim that their QNAP device was explicitly targeted in the attack.
QNAP has provided the following steps to make sure you are running the latest firmware, and that vulnerabilities are patched:
- Log on to QTS as an administrator.
- Go to Control Panel > System > Firmware Update.
- Under “Live Update”, click “Check for Update”.
- QTS downloads and installs the latest available update.
QNAP also suggests that users update the Photo Station software with the following steps:
- Log on to QTS as an administrator.
- Open the App Center, and then click the search icon. A search box will appear.
- Type "Photo Station," and then press enter. The Photo Station application appears in the search results list.
- Click “Update”. A confirmation message appears.
- Note: The “Update” button is not available if you are using the latest version.
- Click “OK”.
- The application is updated.
All QNAP owners should go through the following checklist to further secure their NAS and check for malware:
- Change all passwords for all accounts on the device
- Remove unknown user accounts from the device
- Make sure the device firmware is up-to-date, and all of the applications are also updated
- Remove unknown or unused applications from the device
- Install the QNAP MalwareRemover application via the App Center functionality
- Set an access control list for the device (Control panel -> Security -> Security level)
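To support the "check for malware" step, the following added example (not from QNAP or the original article) walks a mounted share and reports the ransom note named above plus files that open with an age header. It assumes the encrypted files use the standard age container format; the function names and the `affected_dirs` summary are illustrative.

```python
import os
import sys

RANSOM_NOTE = "HOW_TO_RESTORE_FILES.txt"  # note name given in the article
# Assumption: encrypted files use the standard age container, which opens with
# the binary header line or, when ASCII-armored, the PEM-style begin line.
AGE_MAGICS = (b"age-encryption.org/v1\n", b"-----BEGIN AGE ENCRYPTED FILE-----")


def looks_age_encrypted(path):
    """Return True if the first bytes of the file match an age header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError:
        return False  # unreadable file: skip rather than abort the scan
    return head.startswith(AGE_MAGICS)


def scan_share(root):
    """Walk a share and collect ransom notes and age-encrypted files."""
    notes, encrypted, dirs = [], [], set()
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the share
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(full)
                dirs.add(dirpath)
            elif looks_age_encrypted(full):
                # An age header alone is not proof of AgeLocker: backups
                # legitimately encrypted with age match too. Triage by hand.
                encrypted.append(full)
                dirs.add(dirpath)
    return {
        "ransom_notes": sorted(notes),
        "age_encrypted": sorted(encrypted),
        "affected_dirs": sorted(dirs),  # scope for restore-from-backup
    }


if __name__ == "__main__":
    result = scan_share(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, paths in result.items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

Run it read-only against a snapshot or a mount of the share from another host, so the check does not depend on the possibly compromised NAS itself.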
Learn about ransomware protection strategies and get tips on how to protect your and your customers' businesses in this guide:
Further reading: How to Protect Against Ransomware
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.