Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events Acronis #CyberFit Summit 2021 Avaya Newsroom Experiences That Matter Cisco Partner Summit Digital 2020 Intel Partner Connect 2021

Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves

From scrutinizing the security of acquired assets and pen testing software development environments to limiting how much access MSPs have to customers, here’s what Black Hat 2021 attendees said MSPs should do following the Kaseya ransomware attack.

Back 1 ... 5   6   7   8   9   ... 11 Next

Test For Common Source Code Vulnerabilities

MSPs need to test for remote code execution or privilege escalation vulnerabilities in the software they build or deploy since they have so much sensitive end customer information and can be used as a launch pad to compromise customers, said Sri Mukkamala, Ivanti’s senior vice president of cyber products. MSPs must have visibility into what vulnerabilities are being introduced into their ecosystem, he said.

Hackers have taken a sniper-based approach to their cyberattacks and typically go after MSPs with customer density or knowledge in a particular industry, according to Mukkamala. They attempt to determine what technology and software these MSPs are using by looking at the questions their developers are asking on forums like Stack Overflow, Mukkamala said.

From there, hackers will conduct reconnaissance work to see if MSPs are susceptible to common vulnerabilities in any of the software products they use, and exploit any vulnerabilities that remain unaddressed, Mukkamala said. MSPs need to understand the offensive strategy of their cyber adversary and conduct purple team exercises focused on their own organization, according to Mukkamala.

Back 1 ... 5   6   7   8   9   ... 11 Next

sponsored resources