Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves
From scrutinizing the security of acquired assets and pen testing software development environments to limiting how much access MSPs have to customers, here’s what Black Hat 2021 attendees said MSPs should do following the Kaseya ransomware attack.
Monitor And Analyze Software Update Process
Adversaries have gotten access to the customers of MSPs by infiltrating their software update process and deploying malware, meaning that MSPs must do better at monitoring and analyzing the software update process of suppliers, said Jon Clay, Trend Micro’s vice president of threat intelligence. Attackers are looking for the critical systems and processes MSPs utilize, and no longer start at the endpoint.
The Kaseya VSA compromise leveraged unpatched systems and critical applications, and Clay said MSPs are most concerned about man-in-the-middle attacks since they allow bad actors to compromise customers by inserting themselves in the middle of recurring processes. Going forward, Clay said MSPs must become more diligent about monitoring and protecting their supply chain.
The software supply chain is massive for MSPs, and threat actors are taking advantage of unpatched vulnerabilities increasingly quickly, meaning that MSPs looking to manually vet software updates for security issues before implementing them are leaving themselves susceptible to attack, Clay said. If MSPs don’t trust the software coming from third-party vendors, they’re going to get stuck in the mud.