Month: May 2021

Cloud computing originated a technology revolution for small businesses, providing them with the accessibility to various efficiencies that are usually available to large-scale companies. With the internet facility and web browsing, small businesses can avail themselves of the software and the cloud services as per their requirement, and they have to pay monthly for the service. Cloud computing allows companies to access everything such from data backup to customer relationship management tools.

Irrespective of the single cloud service provider you use in your business like AWS, GCP, or Azure, and using multi-cloud or hybrid cloud services for your business, you will spend money on the services, which you won’t be using. You should know the management of costs in the cloud environment.

Sometimes companies realize that they are spending their money often on the resources that remain unutilized. There are plenty of reasons that most resources get reeled up, stay unutilized or become unassigned for the operations. You need to analyze the resources, where your money gets to spend, and then cloud optimization is necessary to avoid unnecessary expenditure.

Although, you start the analysis for the cloud expenses or the money reserve for cost optimization, based on the past usage data, or initiate any progressive changes in your enterprise to manage the cloud costing for hassle-free working. So, you will need the specified tools available for expense management of cloud services.

There are many clouds costing management tools relevant to your business based on the size and complexity of your business. When you manage inventory on the cloud it provides easy and effortless work.  

The following tools are available for your consideration that you can select according to your business requirement:

1. Harness Cloud Cost Management Tool –

This tool is available for the modern-era software company in the cloud. Engineering, finance, and other teams can analyze the incoming costing and they can become proactive to visualize, manage and optimize the cloud costing in both the solo and collaborative way.

It is often used by the engineering, finance, and FinOps/cloud centre of excellence teams.

Advantages –

• This tool gives related information at a different level of the organization, without any tagging.
• It provides visible data of the cloud resources costing as per the utilization, idle, or unassigned category.
• It shows the savings suggestions for the complete workload and the justified information regarding the same, inclusive of the correct size.
• It runs the root cost analysis up to the resource level, with the possibility to link cloud events and implementation changes while using the Harness Continuous Delivery Platform.
• It can detect abnormalities, business budgeting, and forecasting functionalities which helps teams prevent unwanted cloud expenses.

2. AWS Cost Explorer Tool –

AWS Cost Explorer tool is a built-in tool designed by Amazon Web Services to assist you with exploring your costing. It’s a considerable tool for small scale businesses, although staff members usually find it tough to handle as it gets more subtle at times.

It is chiefly beneficial for financial institutions which require a high-level preview of their cloud costing and convenience for saving money for the entire cloud infrastructure.

Advantages –

• It’s a better solution for small scale businesses where limited staffing and a basic costing structure is available.
• It provides an efficient view of incoming costing for your cloud services.
• It offers suggestions based on the usage for saving the money you are spending on cloud services.
• You can even set the budgeting notifications with the tool.
• There are no extra charges involved for the AWS users.

3. GCP Billing Tool –

GCP Billing tool is a built-in tool by Google Cloud to provide an understanding of your GCP cloud bill. It’s remarkable for the beginning and on a smaller scale. However, the users find it tough to use it as it’s unable to provide minute detailing.

It is helpful for financial institutions which require immense level preview for the costs and recommendations to save the money for their entire infrastructure.

 Advantages –

• It’s a better solution for the small scale enterprises where simple budgeting and small teams are present.
• It gives an understandable view of the incoming costs.
• It guides you on saving your money as per the usage.
• You can set the budgeting notifications and how to control the GCP consumption.
• It won’t cost any extra charges to the users.

4. Azure Cost Management Tool –

The Azure Cost Management and billing tool by Microsoft Azure offers you an understanding of Azure cloud bill teams, an efficient view of costing into Azure cloud and some excellent integrations to examine more.

This tool is beneficial for finance companies that need a minute detailing of costing and guidance for the cost-efficiency of their infrastructure.

Advantages –

• This tool is best for small scale enterprises having a low budget and limited employees.
• You can integrate with PowerBI and AWS for better reporting and dashboards.
• It will give you suggestions on how to save costs according to the usage.
• You can set the budgeting alerts.
• There are no extra charges for the users.

5. Apptio Cloudability Tool –

Apptio Cloudability tool is a tool that assists the users to see the expenses and recommends for the management and optimizations. You can even visualize the preview of the costing profile during cloud migration.

It is more beneficial for the FinOps and finance institutions.

Advantages –

• It provides visibility into the multi-cloud services including AWS, GCP, and Azure.
• It gives you cost-effective suggestions including, your workloads, reserved details of purchases and correct sizing.
• It has a tag explorer feature with which you can search for any missing tags in your infrastructure.
• It can detect irregularities, helps in budgeting, and the forecasting feature assists to prevent any extra cloud expenses.

6. Cloudhealth by VMWare Tool –

Cloudhealth is a tool that governs cloud cost management. It is the only tool of its type in the cloud management tool market. It helps the users to get the visibility of expenses, provides suggestions on optimizing them and creates policies to achieve compliance and financial management requirements.         

It is beneficial for finance companies.

Advantages –

• It gives governing features to manage and create financial controls.
• It will provide the correlation between cloud deployments with the security risk involvement.
• It encourages multiple-cloud and hybrid cloud costs visibility.
• It gives suggestions for cost-efficiency for your workloads involving the reserved instance purchasing and correct sizing.
• It allows the forecasting and budgeting to prevent going over budget.

7. Spot by NetApp Tool –

The spot tool is a cloud management tool that guides companies to automate cloud optimization based on data. It is often compared with the traditional practices that emerge opportunities. Although the decision is over the companies for implying the tool, it makes the Spot tool a cloud management tool.

It is mainly helpful for the engineering teams, whereas the second choice for the finance teams.

Advantages –

• It gives automation ability to the companies for the optimization of cloud infrastructure, which involves container setups.
• It aids multi-cloud visibility including AWS, GCP and Azure.
• It gives more manageable steps for the optimization suggestions.
• It reflects those cost trends that show irregularities based on usage.
• It will reflect the forecast of expenses based on the past usage data.

8. Kubecost Tool –

This tool gives visibility towards the Kubernetes resources of the organization to minimize the expenses and avoid resource-based outages. The tool targets the identification of costs and optimization events of Kubernetes.

This tool is beneficial for the engineering teams.

Advantages –

• It targets assigning and optimization of Kubernetes costs.
• It gives guidance to enhance infrastructure and prevent outages.
• It provides visibility of costs approximately in real-time.

Conclusion

There are numerous tools available for the companies to utilize, so the correct tool selection depends on the business requirement. With the advancement of companies in cloud management strategies and enterprise developments, it is necessary to take responsibility for cloud costs. Cloud expense management helps companies to manage and optimize the cloud costs and helps them with effective budgeting.

If you’ve opted for Microsoft SharePoint web development then you need to prepare yourself to prevent high-risk Phish and Ransomware attacks. SharePoint servers are being targeted by high-risk, legitimate-appearing, brand-named phish messages and attacked by a notorious ransomware group exploiting an old bug. 

Researchers at Cofense discovered that a phishing campaign disguising itself in a SharePoint theme and bypassing security email gateways (SEGs). On Tuesday 27th April 2021, the firm stated this as an example of why it’s not always practical to share documents using the very popular and widely used collaboration tool, Microsoft SharePoint.

Phishing Through Legitimate-looking SharePoint Document 

Office 365 users are being targeted by the Phish with a legitimate-looking SharePoint document that asks users to urgently sign the document. The phishing campaign emerged in a spot that should be secured by Microsoft’s own secure email gateways. However, this is not happening for the first time the SEG gets affected. In December, spear phishers tricked the tech giant Microsoft.com itself to victimize 200 million Microsoft Office 365 users. They slipped past SEG controls because of the failure of Microsoft in enforcing domain-based message authentication, reporting, and conformance (DMARC). It is an email authentication rule that prevents exact domain spoofing (SPF/DKIM).

Is There a Need to ‘Response Urgently…’?

The spelling and grammar used in the phishing message are not as badly spelled as you find in phishing campaigns of syntactically unusual giveaways. It may be presumed that any SharePoint message that requests users to “response urgently” is not sent from a native English speaker.

It’s because the message creates urgency for the users to take action. Cofense noticed that other red flags reveals that the user’s name is not deceptive in the opening message. This indicates that it is a massive phish campaign targeting many users using SharePoint services.

Emails Ask Users to Enter Credentials to View ‘Pending File’

When recipients of the phishing email hover over the external link, they find a hide no reference to Microsoft. When they click on the hyperlink, they are redirected to the landing page which shows the SharePoint logo and the ‘Pending file’ notification forth a hazy background and a request that asks the recipient to log in to see the document. 

According to Cofense, that “could suffice for threat actors to extract & harvest users’ personal data.” When the login credentials are entered, the phishing campaign takes the victim to a tricked, unconnected document, “which might be enough to trick the user into thinking this is a legitimate transaction,” Cofense perceives.

Threat Activity Report

IBM in its X-Force Threat Activity Report addressed the phish as a “high-risk threat’ and recommended users of SharePoint Services to 

• • Keep antivirus software and related files up to date.
  • Look for prevailing signs of the indicated incidents of compromise (IoCs) in your ecosystem.
  • Block and/or set up detection for all URLs and IP-based IoCs.
  • Make sure that applications and operating systems are running at the latest released patch level.

• Be cautious about emails with attachments and links

The Phishing Campaign Sends Fake Material to Lure Users

The phishing campaign basically circulates fake material that looks legitimate to tempt users to click on the link and get access to the victim’s credentials. This is just like another attack against Microsoft SharePoint servers which have joined a variety of network devices such as Microsoft Exchange email servers, Pulse Secure gateways, and SonicWall gateways that are being exploited by ransomware gangs to gain access to enterprise networks.

Ransomware Gangs Exploit Vulnerability CVE-2019-0604

Ransomware is the second part of the double-SharePoint attack. This new variant was first seen in January by Pondurance. Analysts are giving it two names, either Hello as some examples use .hello extension or WickrMe because the group is using the Wickr encrypted instant messaging service to prey on victims for ransom.

The ransomware attackers are exploiting a Microsoft Share Point 2019 vulnerability (CVE-2019-0604) to make their way into their targeted users’ networks. Then, by using Cobalt Strike, they are targeting domain controllers and launching ransomware attacks.

Unpatched Servers Are More Vulnerable

The high-severity CVE-2019-0604 leads to remote code execution. Microsoft team patched the issue in March 2019. However, there are persistent attacks that are trying to compromise unpatched servers later. 

So, if you’re involved in SharePoint web development, then you must ensure that your server is patched from time to time.

The Use of Cobalt Strike to Create a Backdoor

After the web shell installation, a cyber-attacker uses Cobalt Strike. This is a commercially available penetration-testing system that attackers use to create a ‘backdoor’ that allows them to run an automated Power Shell script that downloads and installs the final payload, the Hello or Wickr ransomware.

It was revealed on Wednesday by Jeff Costlow, CISO of ExtraHop, that the ransomware attacks against the Microsoft SharePoint 2019 vulnerability affecting SharePoint servers are the most dangerous ones in the double attack. In that what happens is they deploy remote control software and then give direct access to the infrastructure to the attackers to frolic freely.

Share Point Server is the Common Thread

Costlow commented that “The common thread is the Share Point server.” Therefore, those who are using SharePoint services need to make sure that they are patching any cases of SharePoint to prevent the installation of malware or ransomware. This will fix the phishing problem.

Attackers can easily create legitimate-looking sites. A rethink is necessary to see how sharing is done. A positive stance needs to be taken by Security teams to help SharePoint users run their daily businesses safely.

There are several ways to warn users against potential attacks. For instance, they can set up each SharePoint server to use a familiar image or background for users to make sure that they only enter login credentials on legitimate sites. 

2 Different SharePoint Jabs

On Wednesday morning, Cofense said that there is no apparent connection between the Microsoft Sharepoint phishing campaign that was exposed by its team of analysts and the Hello/Wickr ransomware gang’s constant exploitation of SharePoint server susceptibilities.

Nevertheless, an expert noticed that there’s a certain consistency in the pattern that these cyber-attacks follow: First, there’s news about vulnerability, then it is eventually held by attackers searching for the victims of unpatched servers.

Nation-State Players Target the Users Who Have Not patched

Avihai Ben-Yossef, CTO and Co-Founder of Cymulate commented on Wednesday that they have witnessed this lot of times. He observed, “In the last year, we see a repetitious pattern in such attacks. A zero-day is taken advantage of by a nation-state actor.” In this case, the victim company is Microsoft declares the vulnerability and eventually patches it.

Later on, the nation-state actors seize on and learn about the vulnerability and subsequently attacks users who have not patched yet. And then, comes the notorious ransomware attackers who socialize and exploit it on Dark Net sites and use it to launch their attacks. 

Attackers Exploit the Identified Vulnerability

The launch of the double Microsoft SharePoint attack is happening because the nation-state actors exploited it first as a zero-day and then later on as an identified vulnerability. Then it was exploited by ransomware players.  

He further explained, “The idea is to know what kind of problems you have and where. If you do not know, you can’t protect yourself. Organizations must develop a better response capability to track these announcements and threat intelligence and patch quicker.”

Final Thought

Considering the severity of Phish and Ransomware attacks, enterprises must be backed by a professional SharePoint web development company as the SharePoint experts can keep their applications safe and secure by keeping everything up-to-date. Also, they will follow the best security practices and keep these attacks at a bay.