MSPs In The Crosshairs: What To Do About It
July 19, 2021 | Author: Todd Hyten
The recent ransomware attack on Kaseya customers through MSPs should send shivers down the spines of solution providers everywhere. According to CRN, 60 of Kaseya’s MSP customers were compromised—so that the attackers could, in turn, target up to 1,500 of their customers.
The move by cyberthieves to attack targets through their vendors and service suppliers has been gaining steam for a while—the SolarWinds attack last year was just such a supply chain attack. It seems as if every month there’s a new malware or ransomware attack that hits a new record in damage, scope, ransom amount, etc.
Just a few days after the attack, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued recommendations for affected MSPs. The recommendations are also good for MSPs that were not affected and want to boost their security stance. The FBI and CISA recommendations included:
Enforce multifactor authentication for their accounts (and customer-facing ones too).
Use whitelisting to limit communications with remote monitoring and management (RMM) tools, or place their RMM behind a VPN.
Ensure backups are up to date—and data is easily recoverable!
MSPs should also follow a manual patch process, follow all vendor remediation rules, and apply patches as quickly as possible.
Of course, the cyberthieves’ real targets are the clients. MSPs owe it to their clients to make sure they are using the best storage and backup practices. Unaffected backups are the best way to ensure business continuity, especially when paired with practiced recovery and restore procedures. Some major points to reiterate with your customers include:
Have a documented action plan for disaster recovery that identifies what steps need to be taken, who needs to be notified and who is “hands on” in the process.
Your backup environment should be making frequent backups, as many as possible.
A disaster recovery plan simply isn’t complete without offsite storage, but it has to be easily accessible for fast recoveries, too.
Use immutable snapshots of data: a write-once, read-many format that cannot be encrypted.
Practice full data restores with all team members, and practice different emergency situations, such as disaster recovery to failover locations or systems.
Tell your customers that recovering from any data disaster is not only possible, but it can be done easily with a combination of protected storage, cloud-based disaster recovery, and other key technologies, like immutable snapshots. The prepared organization is the one that will succeed in today’s environment.