Cyber Security News Update 2/15/2019

The Russian Federation is planning to completely disconnect itself from the internet sometime in 2019 as part of a test to see how the country’s infrastructure will handle losing access to the outside world. Russian citizens regularly use platforms approved or built by the Russian government that are independent of their Western counterparts, such as VKontakte instead of Facebook. Completely disconnecting Russia from the internet is going to be an interesting exercise for several reasons. First, it has never been done before, and seeing how their systems handle it will provide novel data. Second, by disconnecting everything, Russia may be able to see which systems are infected with malware or monitoring software by watching for network spikes as the connection closes and reopens. It will also allow any known malware to be purged or, more likely, rewritten or replaced with something that feeds false information to the malware’s original owner. If the latter is the case, it will be a counter-intelligence coup that could upset the balance of knowledge between Russia and other countries. An interesting detail is that the test, of which the “how” hasn’t been revealed, is being run by Natalya Kasperskaya, the co-founder of Kaspersky. This may not help the beleaguered Kaspersky Lab, which has tried to make itself seem distant from the Russian government. While Russia claims that the exercise is meant to test its ability to resist a foreign cyber attack by completely isolating itself, it is possible there are other motives behind it.
Source: Russia Preps to Completely Block Foreign Internet

The GandCrab ransomware is targeting Managed Service Providers (MSPs) through a plug-in vulnerability that was found by Huntress Labs. The vulnerability has been patched since 2017, but devices without the necessary update remain exposed to the attack. The exploit gives an attacker complete access to the target system and any attached systems, which could be very costly and damaging for any networked devices. The dangers of unpatched devices cannot be overstated, and missing updates remain one of the easiest vulnerabilities to fix within a network. A mandatory update policy can reduce your organization’s exposure to the risk presented by a device that lacks security updates, as most attacks rely on old and well-known vulnerabilities. The greatest defence against malevolent actors is good habits, such as updating your devices and leaving suspicious emails unopened.
Source: Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients