Following recent supply chain attacks leveraging commonly used remote management tools, MSPs and any company providing managed technology services to a sizeable customer base, security should now be top of mind.
The recent attack that exploited aย vulnerability in the Kaseya VSAย product and led to a massive ransomware distribution campaign should be sounding the alarm to MSPs and other service providers that they need to do more to secure their environment for their sake and their customersโ.
And yes, that includes AV integrators that use software to remotely manage their clientsโ installations, especially as systems get deployed on IT networks and as integrators adopt more IT offerings into their portfolio.
The head of the cybersecurity research group that first alerted Kaseya of the vulnerability before the attackย recently told Reutersย that attacks against service providers will undoubtedly increase.
Now that criminals see how powerful MSP attacks can be, โthey are already busy, they have already moved on and we donโt know where,โ said Victor Gevers, head of the non-profit Dutch Institute for Vulnerability Disclosure, which warned Kaseya of the weaknesses before the attack.
โThis is going to happen again and again.โ
According to Reuters, Geversโ team has discovered similar vulnerabilities throughout the IT channel, but he didnโt name names since those issues havenโt yet been fixed.
Reuters also spoke with Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, who said any company with access to another organizationโs network is a prime target for a hacker.
โThatโs where you find the trusted access to customersโ systems,โ said Chris Krebs, the first leader of the U.S. Department of Homeland Securityโs Cybersecurity and Infrastructure Security Agency (CISA), which has made ransomware a top priority. โItโs a much more economical approach to launch a breakout attack. And itโs hard for the customer to defend.โ
Service providers like MSPs and integrators are a valuable and efficient target for cybercriminals because of the access they have to customer networks, which can be in the hundreds or thousands, depending on the service providerโs size.
In the case of the Kaseya attack, the ransomware spread via the tool to up to 1,500 customers of MSPs that used the software, leading to encryptions and hefty ransom demands of up to $5 million.
Now is the time to take steps to protect yourself from compromise, audit the software you use and ensure you arenโt introducing malware into your customersโ environments.
This article originally appeared on our sister publication Commercial Integrator‘s website.
