Cybersecurity Roundup: MSP Ransomware Update, McAfee, Secureworks-Microsoft, Exabeam
The number of MSPs that have been compromised by ransomware continues mounting, with the total number reaching 13 since the start of the year, according to a new report by Armor, a global cloud security provider.
Armor has identified six new MSPs and/or cloud-based service providers that have been compromised. What appears to be three of the most damaging ransomware attacks against MSPs involved dental practices and municipalities, such as PerCSoft, a Wisconsin-based MSP that offers technology solutions including computers, software, digital equipment, phone systems and audio, and PM Consultants, an Oregon-based MSP providing IT consulting services to dental practices including software updates and backups, according to Armor.
To find out more about why a growing number of MSPs are being targeted, we spoke with Ryan Smith, Armor’s director of product management.
CF: Why are so many MSPs being targeted with ransomware? What makes them attractive targets?
Ryan Smith: As with any series of cyberattacks, Armor believes that the ransomware attacks against MSPs are a mix of both targeted and opportunistic attacks. In other words, we believe that many of the threat actors are initially doing the ‘spray and pray attacks,’ whereby they launch widespread, indiscriminate attacks not targeting any particular type of organization. Once they have acquired a list of initial victims, they comb through their victim list looking for the really desirable victim organizations. Upon seeing that they have snared an MSP, they then download their ransomware.
Being able to compromise an MSP makes a very attractive target because it gives the attacker a ‘one to many’ scenario. In other words, by hitting one MSP they can potentially infect all or many of an MSP’s customers. We saw this with PerCSoft. Approximately 400 of their dental practice customers were seriously impacted by the attack. We also saw this with the TSM Consulting. They suffered a notable ransomware attack in August, that in turn affected 22 Texas municipalities at once. This type of widespread attack can certainly put a lot of pressure on the MSP to pay the ransom.
CF: Are there any similarities between the compromised MSPs?
RS: The list of other victim MSPs is diverse, with some connected perhaps by their impact on professional groups such as attorneys, real estate agents and accountants:
- CorVel, which offers health care management services in support of worker’s compensation, auto, liability, disability insurance and group health.
- Apex Human Capital, which offers payroll, human resources.
- iNSYNQ, which provides QuickBooks accounting services for accounting firms.
- TSM Consulting, which offers software and IT services for the public safety sector including law enforcement.
- MetroList, which offers computer and multilisting services for 20,000 California real estate agents.
- TrialWorks, which offers case management software and cloud backup for attorneys
CF: How are these MSPs being impacted by ransomware? Have they suffered damage? If so, how?
RS: In the case of PM Consultants, it has unfortunately shuttered their business. In the case of PerCSoft , it appears from various news sources and online posts that they…