The complexity and sophistication of ransomware attacks continue to rise. We’ve seen a dramatic increase in people reaching out to us in the last few weeks because of attacks that their current IT Service Provider couldn’t handle. But even more dangerously, we’re hearing some hackers are aiming for bigger fish to fry. Managed IT Services Providers (also known as MSPs), among their peers, have begun to whisper about the increased vulnerability they face. The hackers have come for them.
It makes sense. Let’s say you’re a hacker, wanting to find the easiest and quickest way to cause mayhem and earn cash. You could discover a vulnerability in a single business and exploit it, or you could discover a vulnerability in their IT Service Provider and end up with a dozen other companies to wreck.
The result is a severe increase in the number of facing ransomware challenges. As the New Jersey Cybersecurity & Communications Integration Cell reports, a ransomware known as Sodinokibi has recently targeted MSPs that did not update a common software.
It’s scary for everyone involved. Obviously, an IT Service Provider’s clients are placing trust in their provider to be as secure as possible and protect them from incidents like this. At the same time, their livelihood as a business relies on its trusted reputation, which leads to a widespread issue where they choose not to inform their clients about problems in the industry like this.
We don’t think it’s useful to put our heads in the sand, whether internally or externally. Part of being an IT Service Provider is acknowledging your risk as a target, so you can better plan for it. We are always evaluating our processes to stay on top of vulnerabilities as technology and cyber attacks evolve. This is no different. While we plan with our team, we also want to inform you about what we’re doing to keep our business (and clients!) secure.
Patching bugs and vulnerabilities remains one of the most significant ways to protect your business. Many hackers are working with exploits that have been discovered and fixed in an update. Regular patching and monitoring is an essential part of any provider’s mission to create a preventative IT strategy.
Removing Old Software
Look out for that extra program on your computer, lying dormant on the desktop. Yes, you might say, I don’t ever use it. I haven’t opened it in months, maybe even years. What you don’t know is that software is a hacker’s dream. If your computer is still connected to the internet (which obviously it is if you’re reading this article) or your internal networks, your device and network are at risk – even more so if it’s older, unpatched, and unchecked.
Getting Two-factor Authentication (2FA) On All Devices
Instead of just using your password, use another form of authentication like a code from a text message, approval from an app like Duo (link to Duo), or a physical dongle. While hackers can get clever – attempting to hijack your phone number so texts come to them, for example – 2FA remains one of the simplest ways to increase your security. And in today’s world, every provider should be using it.
Review Admin Rights
This is a big one. For IT Service Providers, sometimes in order to solve an issue, you have to set up admin credentials on a user’s device. What’s dangerous is letting these credentials lurk around for longer than they need to. Doing a review of what admin rights are out there is absolutely imperative.
Secure Admin Account Access
Sometimes admin access is necessary to maintain and manage the IT environment. This admin account privilege should be limited as much as possible. When possible all admin access, tools and consoles should be limited to internal networks and not exposed to the public Internet.
Lock Down Software
It’s simple – your software should only do the baseline of what it needs to function. Sometimes, software adds extraneous features that can offer opportunities for dangerous exploits. For example, the Sodinokibi ransomware took advantage of a remote management feature that was likely rarely even used by the impacted providers.
One of our most common requests is to change a user’s password because they are locked out of their account. When those requests come in, it should always confirm your identity through an “out of band” communication. For example, you contact support via email, then the engineer who makes the change should confirm outbound via phone. It is completely possible for someone to hijack your email or simply call in pretending to be you and request the password change on your behalf.
These security measures can be cumbersome. Switching to 2FA, for example, is almost guaranteed to come with some grumbling as you reach for your phone. For our team, some of the things in this article make their jobs just a little more troublesome. They add another step. It can frustrate our users because they have to ask permission, etc. However, the slight drawbacks you or I face is offset by the increased security they provide.
Finally, make sure that your IT Service Provider is doing these things not only for your business, but for themselves as well. A healthy, safe IT provider is a secure one!