Managed Security Services Provider (MSSP) News: 22 December 2020

Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

A. Today’s MSSP News Alerts

1. SolarWinds Orion Attack Update: Dozens of email accounts at the U.S. Treasury Department were compromised with hackers breaking into systems used by the department’s highest-ranking officials, the Associated Press reports. Separately, ARIA Cybersecurity Solutions, a CSPi business, is offering free use of the ARIA Advanced Detection and Response (ADR) for a three-month period to detect and stop attacks related to the SolarWinds Orion Sunburst hack. Track all updates SolarWinds Orion attack updates here.

2. Partnership - Cybereason and Oracle: Cybereason has adopted Oracle Cloud Infrastructure (OCI) as its preferred platform to power the Cybereason Defense Platform and support its global expansion. Also, Oracle and Cybereason entered into a partnership to jointly market and sell solutions. Cybereason specializes in endpoint detection and response (EDR), eXtended detection and response (XDR) next-gen anti-virus (NGAV), and proactive threat hunting.

3. Partner Program - Zero Trust Cybersecurity: ColorTokens has announced a partner program and associated portal for distributors, resellers, and other technology service providers.

4. Ransomware Attack - Kentucky Town: The Jefferson County Property Valuation Administrator's office in Louisville, Kentucky has suffered a ransomware attack, WDRB reports. The office is restoring data from a backup, and doesn't plan to pay the hackers' ransomware demands.

5. Ransomware Attack - Washington Town: The city of Ellensburg, Washington, has suffered a ransomware attack that has impacted all city departments -- including billing, administration and financial services, YakTriNews reports. The city, which had roughly 21,000 residents as of 2018, is still formulating a recovery strategy.

6. Ransomware Attack - Baltimore Schools Fallout: Unions representing Baltimore County public school principals and teachers delivered a letter to district leaders over the weekend, stating the lack of transparency and communication following the recent ransomware attack is “wreaking havoc upon havoc,” The Baltimore Sun reports.

7. Ransomware Task Force Forms: The Institute for Security and Technology (IST) has launched a Ransomware Task Force (RTF) to "provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise." More details and an associated RTF website are expected to debut in January 2021. Founding RTF members include:

8. Network Security Assessments: Arista Networks has announced Attack Surface Assessment, an advanced security service delivered through the recent acquisition of Awake Security. This new offering identifies cyber security risks from devices, users or third-party systems, especially those that go unmonitored today since they are beyond the visibility of the security team. Designed and delivered by experts who have responded to some of the world’s most consequential breaches, this assessment focuses on detecting and evicting the attacker rapidly.

9. Emotet Malware Campaign: Proofpoint has uncovered a new Emotet malware campaign pushing out nearly 100,000 messages. The possible threat actor behind it was last active in late October 2020, the company says.

B. MSSP and Cybersecurity Virtual Events and Conference Calendar