What's new this week in the news for MSPs? We may be in quarantine, but that doesn't stop security breaches and malware attacks.
AWS offers hybrid service Outposts and accuses Pentagon of giving a do-over to Microsoft, Finastra gets hit by a security breach, and more. It's been a busy week! Let's see what's going on.
AWS Launches Outposts for Government Cloud Users
Amazon Web Services, Inc. (AWS) is now giving public-sector customers access to its AWS Outposts service as part of its GovCloud region, along with access to all of its cloud services and to apps run on-premises. AWS Outposts is a hybrid cloud service that AWS first announced in late 2018.
The service extends native AWS or VMware Cloud on AWS deployments to customers' data centers, effectively giving them an on-premises version of the AWS cloud. AWS has followed Microsoft's methodology for Azure Stack and is providing similar access to its customers.
With AWS Outposts now available in GovCloud regions, customers will be able to run compute and storage workloads on-premises with fully managed and configurable infrastructure stacks based on AWS-designed hardware. The service is ideal for workloads that might benefit from low-latency access.
AWS Accuses Pentagon of Giving Microsoft a Do-Over for JEDI
Amazon went to court again to file documents charging the Pentagon with unfairly favoring Microsoft Corp. as part of its reevaluation of the JEDI contract.
"Instead of addressing the breadth of problems in its proposed corrective action, the DoD's proposal focuses only on providing Microsoft a 'do-over' on its fatally flawed bid while preventing AWS from adjusting its own pricing in response to the DoD's new storage criteria," an AWS spokesperson said.
The AWS filing lists approximately eight different areas where it contends that the Pentagon made "evaluation errors" when deciding the suitability of Microsoft's cloud services. AWS is asking the court to order the Pentagon to reevaluate JEDI in a way that addresses all errors.
Security Breach Hits Finastra
In response to a security breach discovered Friday, March 20th, Finastra announced that it was shutting down its primary systems. Finastra is a company that provides a range of technology solutions to banks worldwide. While the company has not stated the cause of this action, experts suspect a ransomware attack.
Ransomware infestations have become de facto data breaches for victim companies. These internet thugs often download reams of data from targets before launching the ransomware inside their systems.
As a side note, it appears that hospitals and healthcare centers are being given a reprieve from these attacks for the time being. BleepingComputer's Lawrence Abrams recently reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako ransomware infections. Several of them told him they would indeed stop attacking healthcare providers for the time being. A release from the Maze ransomware gang reads, "We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus."
WordPress Plugins Spreading Coronavirus Malware
The threat actors behind the WordPress WP-VCD malware have begun spreading modified versions of coronavirus malware containing code that implements a backdoor into websites. The WP-VCD family of WordPress infections is distributed as nulled, or pirated, WordPress plugins carrying modified code that injects a backdoor into any themes installed on the blog, as well as into various PHP files.
After a WordPress site is infected, this malware will then attempt to infect other sites on the same shared host.
The end game here is to use compromised WordPress sites to display popups or perform redirects that generate revenue for the threat perpetrators.
The best way to avoid having your site infected is to stay away from third-party sites for themes and plugins. Since the WP-VCD malware comes from pirated WordPress plugins, it's best not to download any plugins from unauthorized websites.
Linksys and D-Link Routers Targeted by Malware
Hackers are using brute-force tactics to access the admin panels of routers. They have been targeting popular-brand routers, with D-Link and Linksys being the most affected. Once they gain access, they change DNS settings to show browser alerts that instruct victims to download fake coronavirus information apps.
The hackers also use a preset list of websites that redirect to other sites to force users to download a fake COVID-19 app that portrays itself as coming from the World Health Organization (WHO).
The domains used to redirect users to malicious sites include:
- aws.amazon.com
- goo.gl
- bit.ly
- washington.edu
- imageshack.us
- ufl.edu
- disney.com
- cox.net
- xhamster.com
- pubads.g.doubleclick.net
- tidd.ly
- redditblog.com
- fiddler2.com
- winimage.com
Bitdefender is advising users with a D-Link or a Linksys router to set a secure admin password and to verify with their ISP that the router settings are correct.
Above all, keep your devices safe by using the best-rated antivirus software packages.
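The following Python check is an added example, not code from the article or from Bitdefender. It assumes you have already collected A-record answers for the listed domains from both the router-assigned resolver and a resolver you trust, and that a hijacking resolver points several unrelated names at one host; the function name, threshold and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Domains the article lists as being redirected after the router's DNS change.
WATCHED = (
    "aws.amazon.com", "goo.gl", "bit.ly", "washington.edu", "imageshack.us",
    "ufl.edu", "disney.com", "cox.net", "xhamster.com",
    "pubads.g.doubleclick.net", "tidd.ly", "redditblog.com",
    "fiddler2.com", "winimage.com",
)

def suspicious_domains(local, trusted, min_shared=3):
    """Return {domain: shared_ip} for names that look hijacked.

    local / trusted map domain -> set of A-record strings, gathered from the
    router-assigned resolver and from a resolver you trust. A mismatch alone
    is weak evidence (CDNs answer differently per resolver), so a name is
    flagged only if its local answers share nothing with the trusted ones AND
    one of its IPs also serves >= min_shared mismatching watched domains
    (assumption: the rogue resolver sends unrelated names to one host).
    """
    mismatched = {
        d for d in WATCHED
        if local.get(d) and trusted.get(d) and local[d].isdisjoint(trusted[d])
    }
    by_ip = defaultdict(set)
    for d in mismatched:
        for ip in local[d]:
            by_ip[ip].add(d)
    flagged = {}
    for ip, names in by_ip.items():
        if len(names) >= min_shared:
            for d in names:
                flagged[d] = ip
    return flagged

# Constructed sample answers (documentation address ranges, not real data).
TRUSTED = {"bit.ly": {"192.0.2.10"}, "goo.gl": {"192.0.2.20"},
           "disney.com": {"192.0.2.30"}, "cox.net": {"192.0.2.40"},
           "ufl.edu": {"192.0.2.50"}}
LOCAL = {"bit.ly": {"203.0.113.66"}, "goo.gl": {"203.0.113.66"},
         "disney.com": {"203.0.113.66"},
         "cox.net": {"198.51.100.7"},   # single-name mismatch, CDN-style variance
         "ufl.edu": {"192.0.2.50"}}     # agrees with the trusted resolver

if __name__ == "__main__":
    for name, ip in sorted(suspicious_domains(LOCAL, TRUSTED).items()):
        print(f"{name}: router resolver answers {ip}, shared with other watched names")
```

Any flagged name is a reason to inspect the router's DNS settings directly and reset them if they do not match what the ISP supplies.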
Corona Antivirus Infects Victims with Malware
Need protection from the coronavirus? A new site is claiming its antivirus can do just that. It's sad to see cybercriminals using the ongoing coronavirus outbreak for profit by playing on people's ignorance and fear. This scam launches numerous campaigns that use COVID-19 as a lure to entice users into installing a variety of malware and data stealers.
Malwarebytes found that cybercriminals have set up a website advertising "Corona Antivirus - World's best protection." This website attempts to trick users into installing antivirus software that purports to protect them from becoming infected with the virus in real life.
While most people know this is impossible, there is a reasonable suspicion that a few may fall victim to its false claims.
That's a Wrap
That's the week in summary. I hope this overview has been helpful. MSP360 is your resource for MSP news. Stay healthy and check back next week for more highlights.