Following recent supply chain attacks leveraging commonly used remote management tools, MSPs and any company providing managed technology services to a sizeable customer base, security should now be top of mind.
The recent attack that exploited a vulnerability in the Kaseya VSA product and led to a massive ransomware distribution campaign should be sounding the alarm to MSPs and other service providers that they need to do more to secure their environment for their sake and their customers’.
And yes, that includes AV integrators that use software to remotely manage their clients’ installations, especially as systems get deployed on IT networks and as integrators adopt more IT offerings into their portfolio.
The head of the cybersecurity research group that first alerted Kaseya of the vulnerability before the attack recently told Reuters that attacks against service providers will undoubtedly increase.
Now that criminals see how powerful MSP attacks can be, “they are already busy, they have already moved on and we don’t know where,” said Victor Gevers, head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.
“This is going to happen again and again.”
According to Reuters, Gevers’ team has discovered similar vulnerabilities throughout the IT channel, but he didn’t name names since those issues haven’t yet been fixed.
Reuters also spoke with Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, who said any company with access to another organization’s network is a prime target for a hacker.
“That’s where you find the trusted access to customers’ systems,” said Chris Krebs, the first leader of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which has made ransomware a top priority. “It’s a much more economical approach to launch a breakout attack. And it’s hard for the customer to defend.”
Service providers like MSPs and integrators are a valuable and efficient target for cybercriminals because of the access they have to customer networks, which can be in the hundreds or thousands, depending on the service provider’s size.
In the case of the Kaseya attack, the ransomware spread via the tool to up to 1,500 customers of MSPs that used the software, leading to encryptions and hefty ransom demands of up to $5 million.
Now is the time to take steps to protect yourself from compromise, audit the software you use and ensure you aren’t introducing malware into your customers’ environments.