1. MSPs, Other Solution Providers In The Cyberattack Crosshairs

In late October, Microsoft warned that the Russian foreign intelligence service responsible for the massive SolarWinds hack, which came to light at the close of 2020, had targeted more than 140 IT resellers and managed service providers since May and had compromised as many as 14 in a new surveillance effort. The Russian agency looked to exploit any direct access that solution providers have to their customers’ IT systems.

The warning was just the latest in a growing wave of cybersecurity and ransomware attacks this year that have targeted MSPs and solution providers – and what has been the biggest news story of 2021 for the channel.

Speaking at The Channel Company’s NextGen+ 2021 conference in October Danny Jenkins, co-founder and CEO of cybersecurity company ThreatLocker, said hackers have figured out that MSPs can be easier targets than major banks and government agencies. “Attackers can use existing tools against you – and they are – to get into your systems,” he said.

Perhaps the most damaging ransomware attack against the channel came mid-year when on July 2 IT service management vendor Kaseya took all SaaS instances of its VSA remote monitoring and management tool offline, citing a “potential attack” against VSA customers. The company also posted a notice on its website recommending that customers immediately shut down their VSA servers.

That was the beginning of what would prove to be one of the biggest ransomware attacks in years. The REvil gang, exploiting a vulnerability in the on-premises VSA software, compromised some 50 MSPs and encrypted end-customers’ data. The attackers demanded ransom payments from more than 1,000 victims, $50,000 from smaller companies and $5 million from larger ones – $70 million in total.

Kaseya VSA remained offline for about 10 days, causing disruption for MSPs and their clients and eliciting an apology from CEO Fred Voccola. The company issued a patch and restarted its servers on July 12. But the blowback continued with reports that the company had warnings about the VSA vulnerability and reports that Kaseya employees had warned management of the potential danger.

In November the U.S. Department of Justice announced that it had arrested two individuals, including a Ukraine citizen, charging them in connection with the Kaseya attack. DOJ officials described Kaseya’s response to the attack as “swift,” although a report said the FBI delayed helping victims of the attack to unlock their systems for nearly three weeks because sharing the decryption key would have tipped off the hackers.

A ransomware attack against Accenture showed how even the biggest systems integrators were vulnerable to what one solution provider executive called a “cyber-pandemic.”

Accenture was hit by hackers using the LockBit ransomware and threatened to release company data and sell insider information. Accenture confirmed the attack on Aug. 11, although it reportedly spotted the attack as early as July 30. Accenture said the incident had no impact on the company, maintaining it had successfully identified and contained the attack and isolated the affected servers.

The attackers reportedly demanded a $50 million ransom and in a Dark Web posting, ominously said: “If you’re interested in buying some databases, reach us.” The hackers also reportedly went after Accenture customers using credentials accessed during the cyberattack.

Solution providers were critical of Accenture’s lack of public disclosure about the ransomware attack, saying it was a missed opportunity to help the industry become better informed about the ransomware threat. Ironically, Accenture issued a cybersecurity report that warned about the threat of ransomware – just as the attack against the company was happening – without mentioning the attack against itself.

MSPs have tried to battle back against the threats. MSP executives on a panel at The Channel Company’s NextGen+ 2021 conference in October said they were pushing to increase their internal security standards and practices as cyberattacks targeting service providers continue to proliferate. And the companies that develop tools used by MSPs are expanding their software’s cybersecurity capabilities: In 2022, Cohesity will launch two new security offerings to help clients battle ransomware.