On July 2, IT service management software provider Kaseya disclosed to its customers that it had been a victim of an attack from the same malicious group that recently collected $11 million from JBS Foods. While the company said that it believed only 60 of its more than 36,000 customers were affected, many of those customers are also managed service providers (MSPs), which created a domino effect of vulnerability to about 1,500 additional businesses.
Disclaimer: Automox is not affiliated with nor does it use Kaseya products.
Exploiting MSPs is a particularly devious attack method, as it allows the attackers to then infiltrate the MSP’s customers as well.
While there’s unfortunately no bulletproof method for ensuring protection against the various cyber threats that exist, there are a number of preventive measures that can help mitigate cyber vulnerabilities and minimize exposure in order to reduce organizational risk.
Here are several best practices that can help decrease the probability and impact of a ransomware attack:
Assess your supply chain network
Every vendor you use is a potential backdoor into your organization. It’s important to make sure they have the right security teams, processes, and platforms in place to protect you. Ask about each of your vendors’ security policies and check that they are validated by third-party auditors. Your vendors should also conduct regular penetration testing to identify potential security threats to their infrastructure.
Keep your vulnerability monitoring systems up-to-date
To proactively defend against ransomware and other cyber attacks, your organization should patch and keep OS and third-party applications up-to-date to address known vulnerabilities and decrease exposure. The best way to do this is to implement automated patching workflows and aim to remediate critical vulnerabilities within 72 hours and zero-day vulnerabilities within 24 hours.
Provide frequent cybersecurity training for employees
Ransomware attacks can be as much a people problem as they are a technology problem. Make sure your users are educated and that internal security processes are being adhered to on a consistent basis. This includes:
- Providing social engineering and phishing awareness training
- Ensuring unauthorized software is not in use
- Educating on data incident reporting and notification procedures
- Emphasizing the critical nature of data security and each employee’s responsibility to protect company data
Improve backup policies to accelerate recovery
The best mitigation step against ransomware is being able to restore data from clean, recent backups. Your organization should maintain secondary offline backups and/or rely on cloud storage for long-term backups of critical data to provide an effective stopgap in case of a ransomware attack. Conduct a comprehensive audit of all data locations to ensure that no critical data is missed in your backup plan. Additionally, you’ll likely want to increase the frequency of backups and leverage immutable storage to help keep backups clean and up-to-date.
Keep a close eye on dangerous CVEs
If your organization doesn’t yet use automated patch management, the lag time between a patch release and patch deployment can leave you vulnerable to a ransomware attack - as can incorrect patch application. If you need to prioritize, there are several key vulnerabilities that should be put at the top of your list for patching and testing:
- Microsoft Exchange Vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
- Microsoft SMBGhost: CVE-2020-0796
- Google Chrome Browser: CVE-2021-21193, CVE-2021-21206, CVE-2021-21220
- Fortinet FortiGate SSL VPN: CVE-2018-13379, CVE-2020-12812, CVE-2019-5591
- Pulse Secure Pulse Connect Secure VPN: CVE-2019-11510
- Citrix Application Delivery Controller and Gateway: CVE-2019-19781
- VMware Workspace ONE Access: CVE-2020-4006
- VMware vCenter RCE: CVE-2021-21972
- Cisco AnyConnect Posture: CVE-2021-1366
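The two patching rules above (remediate critical vulnerabilities within 72 hours and zero-days within 24 hours, and push the listed CVEs to the top of the queue) can be turned into a simple overdue-patch report. The following is an added example written for this post, not Automox code; the finding records and hostnames are constructed, and the only assumption is that a CVE from the priority list with no stated severity is held to the 72-hour critical window.

```python
from datetime import datetime, timedelta

# CVEs the post says belong at the top of the patch queue.
PRIORITY_CVES = {
    "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065",  # Exchange
    "CVE-2020-0796",                                                          # SMBGhost
    "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220",                     # Chrome
    "CVE-2018-13379", "CVE-2020-12812", "CVE-2019-5591",                      # FortiGate
    "CVE-2019-11510", "CVE-2019-19781", "CVE-2020-4006", "CVE-2021-21972",    # Pulse, Citrix, VMware
    "CVE-2021-1366",                                                          # AnyConnect
}

# Remediation targets stated in the post.  A priority CVE without a
# zero-day/critical rating is treated as critical (assumption of this example).
SLA = {"zero-day": timedelta(hours=24), "critical": timedelta(hours=72)}


def sla_for(finding):
    """Return the remediation window for a finding, or None if none applies."""
    if finding["severity"] in SLA:
        return SLA[finding["severity"]]
    if finding["cve"] in PRIORITY_CVES:
        return SLA["critical"]
    return None


def overdue_findings(findings, now):
    """Findings whose window elapsed before a patch was applied (or that are
    still open past it), as (host, cve, hours_late), worst first."""
    overdue = []
    for f in findings:
        window = sla_for(f)
        if window is None:
            continue
        deadline = f["patch_released"] + window
        done = f["patched"] or now  # still unpatched: measure against now
        if done > deadline:
            hours_late = (done - deadline).total_seconds() / 3600
            overdue.append((f["host"], f["cve"], round(hours_late, 1)))
    return sorted(overdue, key=lambda r: r[2], reverse=True)


# Constructed sample findings (hypothetical hosts, not real scan output).
NOW = datetime(2021, 7, 6, 12, 0)
SAMPLE_FINDINGS = [
    {"host": "exch01", "cve": "CVE-2021-26855", "severity": "high",      # priority CVE, open 5 days
     "patch_released": datetime(2021, 7, 1, 12, 0), "patched": None},
    {"host": "ws-042", "cve": "CVE-2021-21220", "severity": "zero-day",  # open 36h against a 24h window
     "patch_released": datetime(2021, 7, 5, 0, 0), "patched": None},
    {"host": "vpn01", "cve": "CVE-2019-11510", "severity": "critical",   # patched within 12h, on time
     "patch_released": datetime(2021, 7, 4, 12, 0), "patched": datetime(2021, 7, 5, 0, 0)},
    {"host": "srv07", "cve": "CVE-PLACEHOLDER", "severity": "medium",    # no SLA applies
     "patch_released": datetime(2021, 6, 1, 0, 0), "patched": None},
]
```

Running `overdue_findings(SAMPLE_FINDINGS, NOW)` lists the Exchange host 48 hours past its window and the Chrome zero-day 12 hours past; the on-time VPN patch and the medium finding are not reported.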
With the number and frequency of attacks on the rise, it’s a critical time to evaluate your ransomware defenses. For more information about ransomware mitigation and the anatomy of ransomware attacks, refer to our recent post here.