Attackers target IT managed service providers (MSPs) and cloud service providers (CSPs), intending to install ransomware within their infrastructure and customer base.
This is reported in Secplicity, which is a leading source of information about IT and business security from WatchGuard Technologies.
The report states attacks are specifically targeting products and services MSPs use. These include ConnectWise and Kaseya software, the Webroot Management Console, RDP services and more. Once the MSP is compromised, the service providers’ customers will be the next target.
Although attacks on service providers have happened in the past, the recent malicious activity has progressed with new attacks that affect a large number of MSPs.
Over the past few weeks, there have been reports of support providers being compromised. Once ransomware has been installed on their systems, the customer networks are then often vulnerable. Attackers benefit from weaknesses in MSP authentication practices, unauthorised access to management tools and general lack of security controls.
This form of attack therefore allows access to multiple IT systems through one carefully focused attack.
What Should You Do?
In short, ensure your IT support provider is offering a secure service to you. Are they taking steps to protect themselves? Are they simply re-selling services from other providers that they cannot secure?
Don’t let other people’s vulnerabilities effect you.
Who Can I Trust?
Vantage IT made security and trust two of our central pillars at our inception. This applies to our customers and us. Because the danger of malware and hackers continuing to increase, you need to know that your IT systems are protected.
Please contact us for more information about IT security and how we can help you.