My main reasoning is that I do not want to store our data in the most unsafe place there is: the Internet. And for that matter I do not really care how great the network protection of a cloud service provider is.
As the only IT person, using cloud services can be very good for you, as all you will need to do is ensure that your users have an updated browser (if your applications are web-based). Some of these include email, Office 365 and even ERP or HR systems.
As for concerns, is your job part of these? If you find that backups, disk space management, etc. are a large part of your current role, then it may feel that these tasks are taken away from you if servers are hosted in the cloud, but I would guess there will be loads of other tasks to do to compensate.
Internally our management team is most concerned about some of our formulations (getting online), all while physical security is dismal at the plant (how crazy is that?). If a company is serious about security it needs to be a holistic approach - all angles of attack considered equally.
We moved to cloud services a few years ago, i.e. 365 and Egnyte cloud for our file sharing and collaboration. We are a small company, so this made sense for us. For security there is two-factor authentication for both services, which we use. There is also Advanced Threat Protection as an option in MS 365, which works very well. Once the users got to grips with it all, I have found it saves me a lot of time on administration. Initially we did start out using sync tools for syncing files for the users, but I found this time consuming and there were extra security concerns when users are travelling.
There is an option to use some kind of hybrid cloud (like we currently offer, StarWind Hybrid Cloud Solution for Azure) where you can securely run all your data on-site and manage it on-site, with an option to fail over to the cloud in case of an outage. This way is preferred by people who do not really tend to move towards the cloud rapidly, and it gives a nice starting approach to try cloud services without breaking or reconfiguring everything. I treat this as having some kind of launch pad for PoC/testing.
What is your reasoning for not caring about security? This seems like the best reason to only go cloud. Find a provider that does care about their security and keep the data there. Caring about this is so important that that alone would be a reason not to keep any apps in house if this is the in house security position.
Though cloud computing will be the future, certain products are still good to be kept on-premise.
For example: assuming everything goes cloud, and all solutions are hosted via browsers, we need to add more security to browsers via on-premise products to make sure we have complete security over those hosted cloud solutions.
So to sum up, it depends on your priority and demand.
Thanks Wim Smit.
Dave Bittner: The Flea APT sets its sights on diplomatic targets. An update on the Cl0p gang's exploitation of a MOVEit vulnerability. Unpatched TP-Link Archer routers are meeting their match in the Condi botnet. The "Muddled Libra" threat group compromises companies in a variety of industries. A look into passwordless authentication. Derek Manky of Fortinet describes the Global Threat Landscape. Rick Howard speaks with Rod Wallace from AWS about data lakes, and Fancy Bear noses its way into Ukrainian servers.
Dave Bittner: A Chinese cyberespionage campaign has hackers hoping to be a flea on the wall in foreign affairs ministries across the Americas. The Threat Hunter team at Symantec released a new report detailing a recent cyberespionage campaign seen targeting various ministries of foreign affairs. This campaign is said to be conducted by the China-backed advanced persistent threat group called "The Flea," with other known aliases that include APT15, Nylon Typhoon, and BackdoorDiplomacy, among others. It's deploying Backdoor.Graphican, a third-generation backdoor derived from the previously used Ketrican and BS2005. The report says the major difference between the functionalities of Graphican and Ketrican is Graphican's use of the Microsoft Graph API and OneDrive to obtain its command-and-control infrastructure. Symantec also drew similarities between Graphican and Fancy Bear's Graphite malware, which also uses the Microsoft Graph API and OneDrive as a command-and-control server. Though their techniques may be similar, this doesn't necessarily mean they are collaborating. "The Flea" aims to gain persistent access to its targets' networks.
Dave Bittner: Researchers at Fortinet's FortiGuard Labs discovered a campaign that uses a newly marketed distributed denial-of-service botnet, Condi. The botnet uses an unauthenticated command injection vulnerability in TP-Link Archer routers to infect machines. Condi includes several features to ensure it is the only botnet running on the infected machine. It also disables the ability to remotely shut down the router, because the malware cannot survive a reboot or shutdown. The developer also seems to have incorrectly implemented the feature to kill previous versions of itself running on the infected router. Condi is unusual in using a scanner to search for open ports on HTTP servers to send what researchers say is a hardcoded exploitation request to download and execute a remote shell script that will infect vulnerable TP-Link routers. Condi creates an HTTP server that will, in turn, masquerade as a legitimate Apache HTTP server, responding with a "Server: Apache" header. A bargain in the C2C market, Condi is offered on Telegram for the low-low price of just $5. Criminals can buy the source code for 50 bucks. Fortinet strongly recommends that users continue to update their machines to prevent threat actors from exploiting them. This vulnerability was discovered in mid-March of this year and was patched two days after its discovery.
Dave Bittner: Astrology may be making its way into your life, though not in the way that the mystics reading their horoscopes would tell you. Palo Alto Networks' Unit 42 is tracking "Muddled Libra," a threat group that uses the 0ktapus commodity phishing kit to compromise entities in the software automation, business process outsourcing, telecommunications, and technology industries. Unit 42 assesses that the group has an affinity for targeting customers downstream of their victims, using the data they've stolen, and that if allowed, they will return repeatedly to the well to refresh their stolen dataset. This allows for a return to past victims, even following the company's initial response.
Dave Bittner: Axiad, this morning, released the findings of a Passwordless Authentication Survey it commissioned, conducted by Enterprise Strategy Group. The survey covers an array of vectors related to authentication: challenges, user experience, user attitudes toward authentication, and the wants and needs of organizations that implement authentication measures. Professionals across the cybersecurity, development, and IT fields within North America were surveyed. Phishing and social engineering attacks proved to continuously be a point of concern, as 92% of the survey's respondents reported fear over credential harvesting. Almost 60% of respondents report with confidence that they believe compromised accounts, or harvested credentials, have been the cause of a successfully implemented cyberattack within the last year. Passwordless authentication seems to be a prioritized vector for these professionals, as a majority, 82% of respondents, placed a move to passwordless authentication within their top five priorities, with 85% reporting a move to passwordless authentication planned within the next one to two years. Respondents also report a belief that a move to passwordless authentication will aid IT and support teams within their organization, with 86% of those surveyed in agreement.
Dave Bittner: And finally, the GRU's APT28 group, Fancy Bear, used three Roundcube exploits against Ukrainian email servers in the course of a renewed and recently detected Russian cyberespionage campaign. The attack's success was enabled, CERT-UA says, by the victims' continued use of an outdated version of the Roundcube open-source webmail software, a version that remains susceptible to SQL injection attacks. CERT-UA credits the detection of the activity to information received from a Western company working within a program of regular information exchange and thanked them for their aid and their disclosure. The company is unnamed, but it's clearly Recorded Future, given the link CERT-UA provides to the research that tipped them off to the GRU campaign. Recorded Future says as much itself. An extensive account published yesterday by the company's Insikt Group says, "The campaign leveraged news about Russia's war against Ukraine to encourage recipients to open emails, which immediately compromised vulnerable Roundcube servers," and shared that they discovered an overlap in the campaign with activity from BlueDelta, who exploited the Microsoft Outlook zero-day vulnerability last year. In any case, the investigation and exposure of the activity is a good example of the international public-private partnership that's proven useful to Ukraine in the cyber phases of its defensive war against the Russian invaders.
Dave Bittner: Derek Manky is Chief Security Strategist and Global VP of Threat Intelligence at FortiGuard Labs, part of security firm Fortinet. They recently released their semi-annual Global Threat Landscape Report, and I checked in with Derek Manky for the details.
Derek Manky: To me, the most prominent, and what we highlighted in the report, is the rise of wiper malware, or wiperware as it's known as well. So of course, these are attacks that have been quite limited in the past, Dave. Usually we saw maybe one of these campaigns per year, always APT focused, so a nation state going after critical infrastructure. What we saw last year, and certainly in the second half of last year, was an acceleration effect where we're seeing much more wiper malware being developed. We are seeing it being mass distributed, so not limited to APT. Yes, we saw some instances that started as targeted attacks via APT groups, but it's really become commoditized. I mean, there's wiper malware we observed that's been available on GitHub, as an example. So there's a lot more families, a lot of distributions. We observed over 25 countries, just with wipers alone, and if we compare the third quarter to the fourth quarter of last year, it is a 53% growth in activity just for wipers.