As the world moved towards digitization, it was not possible for all companies to hire in-house teams to build their IT infrastructure from scratch. Large organizations could indeed invest the required time and resources in such a setup. However, SMEs (small and medium enterprises) did not enjoy the same luxury.
Instead, they relied on industry experts in the form of MSPs, hired via a subscription model, who could start work right away. These MSPs offered multiple services including proactive support, maintenance, monitoring, centralized management, and remote support. The management of an organization feels secure because it knows that the MSP always has its back. However, how will businesses react when they realize that their IT collaborators can put their sensitive data at stake?
Exploiting Remote Monitoring Service
This is exactly what happened last week when cybercriminals exploited a vulnerable plugin from a remote management service of an MSP and used it to unleash a ransomware strain. As a consequence, customers of an MSP were at the receiving end of malware. Once the hackers identified a security loophole in the plugin, they encrypted the servers and endpoint systems of the customers.
As a result, almost 2,000 systems were affected while the MSPs received a ransom demand of $2.6 million for ransomware removal.
Online MSP forums like Reddit paint a bleaker picture. There is an air of uncertainty in the MSP industry as many professionals have come under stress. The chief architect at Huntress Labs, Chris Bisnett, shed some light on the gloomy atmosphere in the MSP scene. He explained that MSPs, while coming to terms with the fact that their own tool was exploited to threaten the security of their systems, are frightened at the prospect of dealing with such an attack, realizing that they could well become the next victim.
When the malware initially surfaced, ransomware removal experts discovered the culprit to be Kaseya’s remote solution. Kaseya is an MSP which provides remote management and monitoring so that the systems of clients are tracked and configured 24/7.
By misusing the loophole, hackers were able to issue commands from their remote locations, thereby gaining access to the database of Kaseya. Mr. Bisnett remarked that the skill-set of the cybercriminals was so impressive that it almost looked as if they were the actual MSP administrator. He explained that the perpetrators spread an executable file to ensure that all the systems which were handled by the MSP were threatened.
A spokesman from Kaseya stated that “This only impacts ConnectWise users who have the plugin installed on their on-premises VSA.” The company is confident that only a few of its clients are at risk and therefore dismissed any possibility of a large-scale attack.