Big Game Hunting Attack Groups Are Using MSP’S Tools to Hack Their Customers.

Lawrence Cruciana, CEO & CTO of Corporate Information Technologies, is again working with ConnectWise to resolve a flaw in one of their applications. This time BGH’s found a flaw in unpatched instances ConnectWise Automate that allows them to gather server passwords. Our detection of the attacks against numerous ConnectWise API’s, including MFA bypass attempts, are “some of the highest fidelity” available. These provided our staff actionable packet-level capture of the attacks well in advance of the public disclosure of the vulnerability by ConnectWise.

MSP Increasing Your Cyber Risk
ConnectWise Partners Hit By Ransomware Via Automate Flaw

What does this mean for you?

The reality it that all products will have a flaw. Thus the importance of keeping up with patching and layering security. In this case, similar to the Wipro Breach, once they gained access, the hacker used the tools in a legitimate way to carry out the hack. So how do you guard against this?  In our opinion, it comes down to culture and priorities (of each MSP / MSSP).

Is your MSP Increasing Your Cyber Risk
Targeting an MSP is very lucrative for cyber-bad guys; Successfully penetrate the remote management systems of the MSP, and they get unfettered access

Every business has to prioritize their budget and resources. For many in the Managed Services space, that comes down to “build or buy” with respect to management, monitoring, and security solutions provided to their customers. We chose to source in-house deep expertise and top-of-the-line commercially supported systems. We combining that with experience-driven standards-based security frameworks, and layered on external audit and validation of controls. This is only half of the story. The other half is a culture of perpetual curiosity, ongoing professional development, and a professional atmosphere that encourages asking questions. This has driven us to adopt industry-leading security practices far earlier and much more comprehensively than many others. These include:

  • Our remote management and monitoring systems sit behind multiple layers of detective and protective systems.
  • We enforce strict use of Multi-factor authentication for all of our core systems. (And have for years)
  • We employ robust Identity management systems for our technical staff. This combined with separation of administrative capabilities adds additional layers of defense and detection.
  • We have numerous layered detective controls to detect changes in our and our clients’ environments. The alerts raised by these systems are reviewed in near-realtime.
  • We identified specific vulnerabilities, in this case months ago, on a core system we actively use and then promptly ensured our security and reported the issue.
  • Our clients are afforded multiple layers of protection against malware. Each of benefiting from strong administrative controls against tampering.
While no organization is impervious to cyber-attack, we have prioritized our budget, time, and resources to defend our systems against attack. It is at the core of our culture

“The bad guys want to see us fail. They want to steal from us and our clients. The tools, practices, configuration standards, and general level of security awareness that is present in this organization has (thus far) stopped us from becoming one of the statistics. There is much more to come from this attack and its outcome. Lawrence Cruciana.

Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised. 

Contact us to learn more and let us show you how good I.T. can — Don’t Gamble With Your Security