|
Welcome to the MSP Radio newsletter, catching you up on some stories you might have missed! Each week we'll pull a few stories from the podcasts, give you highlights and insights, and make it easy for you to catch up on the latest news and commentary.
Share the newsletter and podcast with your colleagues, and help change the conversation around delivering technology services.
|
|
Security Roundup
From Tuesday, Feb 4th's Business of Tech Podcast: This is a lot of security news, so I’ve combined it because it is all very related. Let’s start with the United Nations, which according to reports from the Humanitarian and the Associated Press, was the victim of a massive, likely state-sponsored hacker attack this past summer.
Sometime this past July, hackers leveraged a flaw in Microsoft Sharepoint and an unknown malware to gain access to dozens of servers. The breach leaked approximately 400 GB of data, and the extent of the damage is unknown. Notably, the organization did not disclose the details or severity of the hack until the press obtained an internal document regarding the issue.
Unrelated, a new threat report from cybersecurity researchers at Dragos details a piece of ransomware known as Ekans or Snake, which is designed for use in industrial environments targeting Windows systems. The researchers have concluded that the ransomware is the work of a cyber criminal operation and is a specific risk to industrial operations. To deploy the ransomware, the attackers need to compromise the network first. What is most troubling is that the code actively seeks out and targets applications in industrial control systems, after it already targets backups and encrypts data.
Finally, hackers are leveraging the coronavirus fears in new phishing attacks. Researchers with IBM and Kaspersky have revealed that the emails are posing as legitimate information about the virus, and reference opening the attachment to learn more.
Why do we care?
This is surely a steady beat. My interest in highlighting these is far less about the incidents and more about several key elements that are now clearly thematic.
First, the hacks are targeted, not random. This has been true in story after story. Now, they are targeted to an industry and specifically targeting applications within that industry. Second, a significant element of these stories is a criticism that the information was not released. Finally, there’s generally always a patch problem.
Speaking of patches, let’s reference a study now out. Over half of the most common security vulnerabilities exploited by criminals are more than a year old, and some are over five years old. Six of the most commonly exploited vulnerabilities are repeated from the top ten of 2018, and all are Microsoft related. Eight of the top ten? Microsoft related. (The other two most common are in Flash).
The lessons are pretty straightforward – the threat is targeted, not random, and so education is the opportunity. Don’t cover it up. Don’t. Disclose. It’s always better. And finally, software updates! Remove Flash and patch Microsoft. It’s not everything to be sure, but it’s significant.
Education is also critical. Users need to be informed on the trends, continually educated to know the possible threats, and helped to not fall victim. This is all pretty cliché, but that doesn’t mean it’s not true.
|
|
Louisiana Secretary of State has choice works for MSPs
|
|
|
|
What did the Secretary say, and what should MSPs do now?
|
|
Microsoft Cloud Insights via Gaming
From Thursday, Feb 6th's episode: Microsoft’s head of gaming, in an interview with new tech publication Protocol, gave insight into the company’s perspective on competition.
“When you talk about Nintendo and Sony, we have a ton of respect for them, but we see Amazon and Google as the main competitors going forward,” says Phil Spencer. “That’s not to disrespect Nintendo and Sony, but the traditional gaming companies are somewhat out of position. I guess they could try to re-create Azure, but we’ve invested tens of billions of dollars in cloud over the years. I don’t want to be in a fight over format wars with those guys while Amazon and Google are focusing on how to get gaming to 7 billion people around the world. Ultimately, that’s the goal.”
Why do we care?
This is the boldest Microsoft has come out in this space, but clearly the lines for them are in the cloud, the back end, and the ability to stream games.
The endpoint is not the battle, which is consistent to the view of endpoints in other sectors as well. That’s the strategy detail to note.
|
|
Four Stories that didn't make the podcast
In five minutes each day, there are stories that don't make the podcast but are still interesting and notable. I cover those in a weekly live stream, having a bit more time to talk about why they interest me, and why they didn't make the show. This week, the NYPD makes a change to a key policing tool, the Chip Industry Shortage, Airport Security and the checklist we can learn, new MSP Data, and Bezo's Parking Tickets. Check out the video below, and broadcasts go to Facebook, YouTube, and Twitch. Follow on one of those platforms to get live-streamed coverage as it happens!.
|
|
|
|
MSP Radio Livestream on YouTube
|
|
Upcoming events!
Catch these upcoming educational events!
- Making Ethics Pay in a World of Distrust and Big Tech
-
March 9-12, 2020 at the Venetian & Sands Expo in Las Vegas, I'll be presenting this unique keynote address, as well as participating on another panel and moderating a third. Use promo code SOBEL to save on your registration. Would love to have you there.
|
|
|
|
