SpireTech Blog - Tag: MSP Security
Much of what we write about security in this newsletter, and often repeat, is based on actual experiences and real-world stories that SpireTech has been a part of, or has learned about from others in the security industry, and that often may not hit the news. We never reveal the identity of those affected – but we do use these experiences to improve, and hopefully to advise our clients of things to do (or not do). We hope you take our advice to heart.
We’ve talked about how people working from home should be using company-secured computers, or at least subscribing to our add-on package for securing home computers. Many recent stories of attacks share the same trends that we’ve written about before: lack of multi-factor authentication on email or web services, which can lead to compromise; aged hardware such as firewalls or network equipment containing firmware vulnerabilities for which the vendor no longer provides support or updates; and reliance on some of the ‘ease of access’ that is present in software but may not be ‘safe’ to use.
Although SpireTech uses Kaseya software for systems management, neither SpireTech nor our customers were victims of the latest headline news breach. Our response, analysis of the hack, explanation of why we were not affected, and plans moving forward are below.
Kaseya makes software for IT systems management. It is used by enterprises and managed service providers alike to streamline technician effectiveness, enabling a few technicians to manage thousands of systems at scale, including patch management, health monitoring, and providing helpdesk services. Kaseya, based in Miami, Florida, is one of the largest vendors of this type of software. SpireTech has been using Kaseya software for over ten years.
We sent the following notification to VIPsupport client key contacts on Friday afternoon:
On Friday 7/2/21 at 12:48pm PT we were notified by our Remote Monitoring & Management vendor, Kaseya, of an active security incident involving their software being used to deploy ransomware, and advising us to shut down our management server until security experts can determine the cause.
We have shut down our server under the presumption this will protect us (and you), and are actively monitoring our Sophos Intercept-X software for indicators of compromise – and at this point, there are none.