Welcome!

Craig discusses big problems found with the Microsoft Azure Store and provisioned servers that were part of this massive command and control network run out of China. 

For more tech tips, news, and updates, visit – CraigPeterson.com

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] We’re going to talk about Microsoft and the Azure store and President Trump and WannaCry. Do you remember that terrible piece of malware? It’s back.

Hey, you’re listening to Craig Peterson. Make sure you follow me online as well, at CraigPeterson.com. It is a pleasure to be here with you today. I had just so many great discussions with people this week.

I sent out a three-minute training, the first three-minute training. I’m going to be doing more and more of these here as time goes on. This training got just a plethora of responses from people. I’m so happy I could help out many people this week, including a bunch of tiny businesses, and that’s what I love to do.

That’s why I do this, right? To help you guys out a little bit here. Now, I have customers, big paying customers, usually companies that are regulated and need cybersecurity. But for the rest of you, I still will help you just as much as I can. There are some things you need to do, and that’s what this is all about.

Well, you already know about the Apple App Store. I’ve talked about it many times. Do you know about the Google Play Store? Both of those are stores that you go to to buy or download little applications that you can use on your smart devices. They’re both tremendous small stores. Apple tends to do a better job when it comes to watching for security problems than Google does.

Both of them tend to take about a 30% chunk of any money that you pay. Then 75%, or 70%, I should say, goes to the developer. Well, Microsoft has a store as well. You might have heard of Azure. That’s a service that Microsoft has, and it is an online service. It’s a cloud service. It lets you run Microsoft Windows in the cloud, in a data center.

That’s managed by Microsoft, run by Microsoft in most cases. Also, by the way, it’ll let you run various types of Linux, and that was a bit of a surprise, but anyhow. That’s the Microsoft Azure story. Then we also have, over on Amazon, what’s called AWS, Amazon Web Services. There are a lot of others too.

We tend to use some of the IBM stores, including the IBM mainframe stuff, which has just been unique to us, just how good those things are. The IBM mainframes, how fast they are, and how inexpensive they are for computing stuff. It’s just amazing. Anyhow, Microsoft and IBM and Amazon and anybody that has one of these cloud services also has a store.

And it’s much like the stores that you would expect to find for your smartphone. But in the stores we’re talking about here, Azure or these other cloud services, they are selling and leasing or renting fully configured machines. So you can go on, and you can say, Hey, I want a new Ubuntu version, blah, blah, blah, or Red Hat Enterprise Linux, which is what we tend to use, version this and such, and maybe you also want to use containerized stuff. And so they have all of these things pre-configured. You can say, Hey, I want a database engine, and ta-da, poof, there is a database engine for you. It can be either poorly maintained by them, and you have no idea what it is. It acts like MySQL or whatever other database you might want it to appear to be. Perhaps it’s your version of that. Those types of apps are available in these cloud services, to use those terms loosely.

Well, earlier this year, it turns out, according to Dan Goodin, who wrote an article over at Ars Technica that is up on my site, members of the Microsoft Threat Intelligence Center suspended 18 Azure Active Directory applications because they determined they were part of this massive command and control network run out of China.

Now we can also talk here about command and control, because your computer might even be part of this. So, if you have a computer and that computer gets hacked, one of the reasons they hack it is to use it as part of a command and control network.

Now here’s the idea behind the command and control hackers. They’re not going to ransom your data. They’re not going to try and do something nasty with it. These command and control guys don’t care that your computer can do anything other than connect to the internet.

So one of the things they’ll do with command and control is what’s called a denial of service attack against somebody. So there’s some company they don’t like, or maybe they’re ransoming this company, saying, Hey, listen, we’ll shut down your website unless you pay us a million dollars.

What they’ll do is they’ll use a thousand, 10,000, however many computers they have in their command and control network. They’ll use them to send off fake website requests to that company. Then that company’s servers just get hammered, and nowadays we see on the order of tens or even hundreds of thousands of requests per second coming into some of these data centers. There are services out there to protect against those types of denial of service attacks. Okay.

But here’s where things start getting interesting. They also use command and control systems to send out emails, do phishing, and even research them. So command and control, just as it sounds, is they have control of your computer. They send commands to execute.

So, in this case, what we’re finding is that Microsoft had these apps that were in Azure Active Directory, their cloud service, that were part of this command and control network. 18 different applications. Again, we’re not talking about an app like an app that would be on a Windows Phone, if you were sad enough to have bought one, and it’s no longer getting support. So it is a difference. It’s a pretty big difference.

These are the types of applications that are used by businesses: database applications, web server applications. All right. It’s not just the Fortune 500 companies that are doing this anymore.

We’re talking about the smaller guys who don’t have the resources to be able to check.

You know, between the two of us, most of these Fortune 500 companies aren’t doing what they should be doing either. Hence all of the hacks that we’ve been seeing. So this hacking group that Microsoft is calling Gadolinium had the cloud-hosted applications, and had also been storing stolen data in a Microsoft OneDrive account and used that account to execute various parts of their campaign. Now, Microsoft, Amazon, all these other cloud providers have been touting how secure it is, how fast these cloud services are. They’re just so much cheaper. Oh, the scale that comes from renting computer resources. I remember them describing what they were hoping for way back when with cloud services, that it would be like the power company: who cares where the electricity comes from as long as you flick the switch and the light comes on.

It is no longer like that. The hackers have now realized the benefits of hacking the cloud services and, in this case, using them to share their stolen data, to store it, et cetera, et cetera. And now there are so many free trial services and one-time payment accounts. Hackers have been able to get these different things up and running quickly.

As I mentioned before, they can even buy their materials, their software, to do the hacking, do the phishing, do the ransomware, and sell the decryption stuff. They even have banks that’ll handle the transactions to convert Bitcoin into US dollars or whatever currency they want. Very, very big deal.

Earlier in the show, and I’ve talked about this before, some of these tools that are in use right now, particularly in Windows PowerShell, that are not well secured and are legitimately used by system administrators, have become a huge, huge tool for the bad guys to use. They’re so widely used for legitimate tasks that it’s tough to detect their reuse for illegal tasks.

This group, this Gadolinium group, has recently started using a modified version of the PowerShell Empire post-exploitation framework. It’s open-source. Can you believe this stuff that’s going on? So it’s terrifying. Agility and scale, frankly, are working both ways here, against us and for us. I am very concerned about some of the stuff that’s going to be happening.

If we’ve got some of these bad guys that are out there, right? Some of these terrorist groups, domestic terrorist groups, are burning our cities right now and shooting people, shooting cops, et cetera. These terrorists will be using these same techniques shortly here in the US. They probably already are. We already know they are using them to finance and fund their operations. Very, very scary stuff.

So, one more thing real quick before we go. That is WannaCry. Very, very big deal. SonicWall is reporting a 109% increase in ransomware in the US during the first half of 2020. Keep your eyes out. It is very, very inexpensive for the bad guys to get ransomware on your systems. They have high rates of return on it with hardly any risk for them, and they’ve even outsourced it. We’ve talked about that before. It is a preferred method of attack for cybercriminals. So be very, very careful out there.

Get the right kind of security. I was talking with a couple of companies this week. We’re going to be putting some of the prosumer Cisco stuff in place to help out a small company, and some of the commercial hardware you need to have if you are in a regulated industry. So we’ll be doing some of that this week, too.

So I’m going to be kind of busy, but I plan to release two videos this week, two training videos, knock on wood. One will be on Tuesday, and one will be on Thursday, but we’ll see how it goes. I only got one out this week.

You’ve been listening to Craig Peterson. Have a great week, and make sure you visit me online. me@craigpeterson.com.

More stories and tech updates at:

www.craigpeterson.com

Don’t miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553
