At Least 13 Managed Service Providers Were Used To Push Ransomware This Year (zdnet.com)
A new report published this week by threat intelligence firm Armor puts the number of managed service providers (MSPs) that got hit with ransomware this year at 13, possibly more. From a report: For those unfamiliar with the term, a managed service provider is a company that manages a customer's IT infrastructure using remote administration tools. MSPs have been around since the 90s, with the dawn of large computer fleets; however, they've been catching on with more and more companies in recent years. [...] Starting this year, ransomware gangs have realized that they could compromise the network of an MSP, and then use their remote access tools to deploy ransomware on the MSP's customer networks, infecting hundreds of companies and thousands of computers, all at once, with the push of a few buttons. In a report published this week, Armor took a deeper look at the entire MSP ecosystem and unearthed several other incidents. In total, the company found 13, but many more could be unreported.
Not very helpful (Score:2)
Well that article was lacking in a lot of details. It'd be helpful to know how the compromises happened.
From all the cases I've read, none of the MSPs had 2FA enabled on their accounts.
Re: (Score:2)
The same way they always do; some kind of phishing method still works very well.
Only one sucker is needed to fall for it.
You get what you pay for (Score:2)
So get rid of the IT guy who lives 10 minutes away and replace him with a Managed Service Provider located halfway around the planet, probably in the same Third World country where the ransomware crooks have been operating with impunity for years. Then you're surprised when your company's computers all get hit by a ransomware attack?
How could anybody possibly have seen this coming? /s
Re: (Score:2)
Everybody except the people in power to make these decisions/deals saw it coming, or they didn't care since the 'savings' secured their promotion/big bonus.
Re: (Score:2)
Sad to say, but you nailed it, my friend. Until there are real consequences for large-scale "facilitated" ransomware attacks, data breaches and other offenses that occur primarily because some corporation decided to cut corners, nothing will change.
Seems low... (Score:2)
This number seems low. I have dealt with more than enough breaches and security incidents to know for a fact businesses are generally just not willing to do what it takes to establish real security.
The bare minimum necessary to bring a product to market is the only objective. Security, Stability, Design are always sacrificed.
IT/IS is replete with barely capable developers, engineers, project managers, and management. We are stumbling around trying not to cause outages and unnecessary expense. High quali
Re: (Score:2)
The ransom guys have long switched to "we have captured you w*nking" and when that fails to work they now send bomb threats.
I got a rather cute bomb threat which according to the mail headers came from an MSP last week: https://www.fagain.co.uk/node/... [fagain.co.uk]
They sent it to the wrong guy though - it's been 30+ years since I have assembled an IED, but I can still probably build one from memory without looking up any of the chemical reaction recipes in an average
Re: Seems low... (Score:1)
Was the "from" address in that email literally "alert@bomb.com?"
That's just priceless.
Oh and I'm glad you're ok :)