1000s of firms infected by ransomware via their IT helpdesk
1000s of firms have been infected by ransomware through their IT service provider
1000s of small and medium sized enterprises have been infected with ransomware that infiltrated their network through the software deployed by their outsourced IT support firm.
The REvil ransomware gang exploited a vulnerability in the Kaseya software used by the IT support firms to run their businesses. Once the criminals were in the Kaseya network, they used its trusted access to get into the networks of end users and deploy their ransomware.
This technique of infiltrating the systems of one business in order to get access to their clients is called a supply chain attack. It's a bit like a criminal getting a job as a guard with your security firm in order to gain access to your offices.
According to the security firm that is helping Kaseya respond to the incident, over a thousand of their customers customers networks have been attacked with ransomware.
Managed Service Providers, as IT support firms are called, help small and medium sized businesses run their IT and networks saving their clients the need to employ in-house experts. However, the success of the MSP approach is also its greatest weakness. MSPs are usually organised around their central Helpdesk. Customers call in with a problem and a pool of engineers and experts who are shared across many clients are able to use tools like Kaseya to access the customers computer and solve the problem remotely. In other words, MSP are by design reactive in their approach. They will solve a problem if you spot it and report it. But your typical MSP will not go looking for trouble - they will not proactively check your network or systems for problems. And this could be leaving you vulnerable if you do not have the expertise or bandwidth in your firm to oversee and manage the performance of your MSP.
This is where Cool Waters Cyber can help with our 'virtual cyber security manager' service. One of the ways we help our clients is by over-seeing the performance of their MSP, asking the questions you don't know to ask and proactively checking your network to find any problems or dangers that your MSP needs to fix.
To find out more about how we help business owners make sense of cyber, click here to book a free initial consultation