Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves
From scrutinizing the security of acquired assets and pen testing software development environments to limiting how much access MSPs have to customers, here’s what Black Hat 2021 attendees said MSPs should do following the Kaseya ransomware attack.
Test For Common Source Code Vulnerabilities
MSPs need to test for remote code execution or privilege escalation vulnerabilities in the software they build or deploy since they have so much sensitive end customer information and can be used as a launch pad to compromise customers, said Sri Mukkamala, Ivanti’s senior vice president of cyber products. MSPs must have visibility into what vulnerabilities are being introduced into their ecosystem, he said.
Hackers have taken a sniper-based approach to their cyberattacks and typically go after MSPs with customer density or knowledge in a particular industry, according to Mukkamala. They attempt to determine what technology and software these MSPs are using by looking at the questions their developers are asking on forums like Stack Overflow, Mukkamala said.
From there, hackers will conduct reconnaissance work to see if MSPs are susceptible to common vulnerabilities in any of the software products they use, and exploit any vulnerabilities that remain unaddressed, Mukkamala said. MSPs need to understand the offensive strategy of their cyber adversary and conduct purple team exercises focused on their own organization, according to Mukkamala.