{"id":6976,"date":"2019-07-18T04:25:36","date_gmt":"2019-07-18T08:25:36","guid":{"rendered":"https:\/\/tsisupport.com\/?p=6976"},"modified":"2021-07-07T05:17:54","modified_gmt":"2021-07-07T09:17:54","slug":"msps-are-giving-clients-ransomware-the-top-questions-to-ask-your-msp-yesterday","status":"publish","type":"post","link":"https:\/\/tsisupport.com\/tsistaging\/?p=6976","title":{"rendered":"Managed IT services: MSPs Could Be Giving Clients Ransomware"},"content":{"rendered":"

A part of my week here at TSI is always spent wading through news stories to stay ahead of all the latest trends and best practices in our industry. After all, how can I provide clients with the most complete, accurate and actionable information to work from if I don’t have access to that data myself?<\/p>\n

Most of the time, the trends I spend so much time researching fall squarely in the “positive” category… though unfortunately, that isn’t always the case. Recently, I’ve been reading a lot about the spread of ransomware and what I’ve been finding has been concerning to say the least.<\/p>\n

It isn’t just that ransomware is on the rise, although anyone who has ever been a victim themselves can tell you how distressing that is. No, what’s really given me pause has to do with how that ransomware is spreading:<\/p>\n

Managed services providers!<\/p>\n

It’s absolutely true, and it’s something that is happening far more frequently that one could even imagine. In June, one MSP actually gave more than $150,000<\/a> to recover client data after a ransomware attack where in another situation, customers of three MSPs<\/a> were impacted by a totally separate incident that encrypted the entirety of their customers\u2019 networks.<\/p>\n

All of this recent activity is certainly worth a closer look, not only so that you can understand as much about what is going on as possible – but so that you can also take steps to avoid it altogether<\/em>.<\/p>\n

What do These MSPs have in Common?<\/strong><\/span><\/p>\n

Other than the fact that they’re all managed services providers, the major factor that all of these instances have in common is that the ransomware targeted the MSPs\u2019 remote monitoring and management tools. Such tools from Webroot and Kaseya were used to distribute the malware in these different instances, and all of this was possible due to stolen or otherwise compromised credentials. Unfortunatley, the troubling questions of how these credentials were stolen is still up in the air.<\/p>\n

The incidents were so severe that in their immediate aftermath, Webroot actually sent out an email to customers letting them know that two-factor authentication (otherwise known as multi-factor authentication) was now being enforced on their own remote management portal. This is a significant step, but also a critical one, as it requires not one but two forms of identification before access to the system is granted.<\/p>\n

Had this step been in place earlier, those compromised credentials wouldn’t have been as much of a problem. But sadly, some lessons need to be learned the hard way.<\/p>\n

The other thing that these MSPs have in common is that they were simply behind the fast-changing IT security curve. The fault for this isn’t all (if any) on Webroot and Kaseya – had those providers been more proactive about their own security, a lot of the risk could have been mitigated entirely. But they’re managed services providers, not managed security services providers – they were simply unequipped to deal with the changes taking place all around them.<\/p>\n

Likewise, some of the blame for this situation has to fall squarely on the impacted clients and the MSP Managing their environment. Yes, you need to put a certain amount of faith in your MSP to handle your security needs in an adequate way,but that doesn’t mean that you shouldn’t still make sure that your own house is in order, so to speak. We saw this recently when businesses who failed to update their Microsoft Windows-based systems were hit with the WannaCry worm. All told, that incident impacted more than 200,000 Windows computers<\/a> around the world – not all of that is the fault of a lackadaisical MSP.<\/p>\n

The Major Lessons to Be Learned<\/strong><\/span><\/p>\n

All told, many of the incidents I just told you about are still playing out – meaning that we still don’t know precisely what happened, and whether everything was decrypted or not after the ransoms were paid. There are, however, a number of important lessons that we should ALL be paying attention in the future.<\/p>\n

First, this is nothing if not a reminder on the importance of a quality backup plan. One of the impacted MSPs was able to quickly recover about 30% of their end-user systems<\/a> in less than a half hour because those clients employed the company’s Veeam-powered air-gapped offsite backups.<\/p>\n

Another consideration to keep in mind is that hackers themselves are quickly becoming more sophisticated all the time. Many of the hackers repeatedly targeted not only RMM platforms but also remote access, remote control and remote desktop services. The FBI and the United States Department of Homeland Security<\/a> have even taken the extraordinary step of repeatedly warning MSPs about these types of vulnerabilities.<\/p>\n

All told, hackers are repeatedly targeting MSPs due to the sheer volume of data (and the value of that data) that they can potentially access. Why spend your time going after one company when you can target an MSP and gain access to all of their client information in one fell swoop?<\/p>\n

In an effort to combat this, the FBI (and technology vendors, for that matter) have recommended that MSPs follow the NIST Cybersecurity Requirements and Guidelines. This allows businesses to better assess the unique risks they face by looking at areas like operations, their workforce, their customers, their strategy and even their leadership. It provides guidelines on identifying threats, protecting against those threats, detecting incidents, responding to incidents and recovery.<\/p>\n

How to Protect Yourself: The Questions You Need to Ask Your MSP.<\/strong><\/span><\/p>\n

All of this also proves that businesses will need to be proactive about making sure that their MSP is acting with their own best interests at heart in the first place. To help guarantee that they are – and to better protect yourself – you should ask any MSP that you’re thinking of partnering with the following questions:<\/p>\n