Cyber 3-2-1: The cloud is someone else’s computer, your MSP could be your biggest security weakness, and attackers can now speak your language

Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…

This week: Danish hosting provider is hit by ransomware, Your IT MSP could be an attacker’s Most Successful Pathway into your systems, and Scammers can now speak your language

 

3 – Danish hosting provider is hit by ransomware

“Danish hosting firm CloudNordic [and sister brand AzeroCloud] have suffered ransomware attacks, causing the loss of the majority of customer data and forcing the hosting providers to shut down all systems, including websites, email, and customer sites.”

According to a recent report in Bleeping Computer, and shared on LinkedIn by Declan Timmons of Ward Solutions, the ransomware attackers were able to encrypt all data storage devices and backup systems. “The majority of customers have consequently lost all their data.”

Key takeaway: If we translate “cloud” as meaning “someone else’s computer”, we realise how reliant we are on “someone else’s computer” to keep our data safe. We need to ensure we have separate backups of our most important data, and these backups need to be stored elsewhere. That way, if “someone else’s computer” fails, we aren’t left with just a very apologetic press release.

 

2 – Your IT MSP could be an attacker’s Most Successful Pathway into your organisation

The Play ransomware group is just the latest gang to target IT MSPs (Managed Service Providers) around the globe as a way to gain access to the MSPs’ customers.

According to a report in Dark Reading, and mentioned by Secure The Village, the group “breaks into MSP systems and uses their remote monitoring and management (RMM) tools to get unfettered access to the networks and systems of customers of the MSPs”. Apparently, the gang gains access to the MSP by fooling an employee of the MSP with a phishing email.

Key takeaway: What evidence have you received from your IT MSP recently to prove that they are not your biggest security weakness?

 

1 – Scammers can now speak your language

Meta (the mass surveillance company behind Facebook, Instagram, WhatsApp, etc) has released SeamlessM4T, the first “many-to-many direct speech-to-speech translation system“.

For many years, there have been ways to translate our spoken words into the text of another language. Anyone who has used airbnb to rent properties in far-flung places will know the value of the Google Translate app, for example. But this open-source model from Meta brings us to a whole new level, with its ability to listen to your words and turn them into speech in any one of 35 other languages, in real-time. You can read more about the model here (Credit to the TechPizza newsletter for mentioning it).

Key Takeaway: We will soon be able to speak to people in their native language. And so will the cyber scammers.