You all probably know the story of the infamous data breach at Target, where customers credit card information was hacked and released on the dark web. Target was hacked through its supply chain, a vendor who had access to their network.
Do you have an HVAC company managing your businesses heating and air conditioning through a direct connection into your IT network? How about your phone system vendor, security system vendor, companies that manage specialized equipment in use at your business, your printer and copier company, IT company? Yes, your IT company.
Most SMBs (small and mid-size businesses) outsource their IT management and support. In order for these companies, often referred to as MSPs (managed service providers) to properly manage and support your IT infrastructure, they require secure access to your office. One would rightly expect that an MSP would have the proper security controls in place to ensure your safety, but just this week, multiple MSPs were infiltrated and the hackers injected ransomware into client networks via the tools in use by the MSP. This is a seriously troubling development as you have to have complete trust in your IT partner in order for them to effectively do their job and provide value to your business.
This is not the first time this has happened. It happened once a few months ago. The FBI has been warning MSPs for months, to take extra steps to ensure their systems are secured as hackers are known to be targeting MSPs because of the opportunity they represent. MSPs have hundreds and thousands of clients and those clients represent thousands and millions of businesses that are targets for hackers. If you want to do the most damage, what’s better than infiltrating and organization that has connections to many, many more.
In this particular case, it appears the hack was undertaken using weak credentials. It’s amazing to think an employee of an MSP would have a weak password, but the success of this most recent hack proves that’s the case. The hackers were able to login to two widely used technology tools in use by the MSP and then inject ransomware through those tools, to the MSPs client. The client is then faced with having to recover all of their systems from backup or worse, pay an expensive ransom to the hackers if their backups were also compromised.
In case you don’t think this is something to be concerned about, also this week, the town of Riviera Beach, Florida, had to pay hackers $600,000 in order to get its data back, because its backups were not sufficient to recover from a ransomware attack.
If you have any business partners and vendors connected to your internal IT network, you should audit those individuals and entities to ensure they are using appropriate and sufficient IT security solutions. You may have adequate protections in place for your employees and organization, but don’t forget to be sure that your partners do as well.