By Ryan Klund - SWICKtech Business Development Associate
In the wake of several ransomware attacks on Managed Service Providers (MSPs) in the past year, particularly ones serving small governments and municipalities, do you have trust in the people holding the keys to your castle?
Before we dive in, full disclosure: SWICKtech is an MSP serving hundreds of organizations, businesses and municipalities in the Midwest. We’re a leader in cybersecurity and a stakeholder in this community. Every cyberattack is an attack on all of us cumulatively. Our goal in writing this article is to help prepare and protect other organizations and MSPs from the increasing cyber threat facing our country.
We recommend you take every precaution necessary to protect yourself from these very serious attacks.
MSPs are valued targets
Rather than installing malicious software and collecting ransom on single targets, which has been the primary way cybercriminals have made their living until very recently, these hackers have been focusing on MSPs - much more valuable targets with access to multiple victims and higher profits.
In the August 2019 cyber-attack that hit 22 Texas city governments, carried out by “one single threat actor” according to official Texas state government reports, an MSP – TSM Consulting – was hacked, and the resulting access to valuable data allowed the ransom attacks to take place. According to an article in the Houston Chronicle, the hacker requested $2.5 million in ransom from the affected communities.
Hundreds of dental practice offices in the United States were ransomed one week later, in August 2019, when an MSP was compromised and hacked. This time it was DDS Safe, a medical records retention and backup solution for dental practice offices, based in our home state of Wisconsin. According to reports, some offices were ‘extremely frustrated’, still without records more than 30 days after the attack.
The mistakes that were made
While not all the investigation details are known or publicized yet, there were some mistakes made by the MSP at the center of the Texas attack against 22 towns. ConnectWise, a control software program used by MSPs, was used to gain access and carry out the ransom attack.
According to reports, TSM Consulting wasn’t using the most up-to-date version of the ConnectWise software, wasn’t vigilant with patches, and didn’t have Multi-Factor Authentication (MFA) turned on in all its on-premise versions. “We’ve been stressing for quite some time, for a year, maybe two, the need to use MFA and enable it,” said John Ford, ConnectWise Chief Information and Security Officer. “But it’s really tough when you force something down on your partners because that’s generally not what you want to do,” he said.
In the wake of the attacks, ConnectWise did make MFA a default setting as of October 1st, 2019, rather than offering it as an option. Ford said that while it could create some “abrasion” among ConnectWise customers, it was the “right thing to do.”
What steps need to be taken to ensure security
Whether you’re an MSP, business leader or municipal government, we cannot stress enough that the rising frequency and complexity of these recent cyber-attacks cannot be ignored. At SWICKtech, our Cybersecurity Elite Team put together three key steps that we implement for our business and governmental clients. They can be added to your organization in the next 30 days to greatly decrease the probability that you’ll be penetrated by ransom attackers.
- Educate your employees on security. While cybersecurity measures are top-of-mind for many of us, we are in the minority. MSPs should coordinate training and policies with clients to ensure basic precautions are being taken, because while an MSP might be entrusted with data, rarely is it developing or implementing policy with clients. Education should focus on smart password creation and management.
- Implement MFA. Multi-Factor Authentication is a tool that can greatly reduce the chances of your data being ransomed. MFA requiring a code from a phone application should be implemented on sensitive platforms in your environment.
- Implement a Password Management system. Ensure employees are using secure and unique passwords by giving them access to software like LastPass, Passportal or Bitwarden. These systems protect and store passwords in an encrypted format and provide secure access to information with the help of a master password.
Thousands of times each day, cyber criminals are attacking businesses and government entities with malicious software hidden in emails. Some pessimists would say that it’s not a question of ‘if’ but ‘when’ your organization will be faced with a ransomware tragedy of its own. At SWICKtech, we’re confident not just in these tools, but in proprietary defense mechanisms designed to continuously fend off attackers.