Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Hackers Abused MSPs and Their Remote Management Tools to Deploy Ransomware on Customers’ Networks

Hackers Abused MSPs and Their Remote Management Tools to Deploy Ransomware on Customers’ Networks

  • The remote management tools which were targeted include Webroot SecureAnywhere and Kaseya VSA.
  • The tools have been abused to execute a Powershell script that downloads and installs the Sodinokibi ransomware.

Attackers have hacked three Managed Service Providers (MSPs) and abused their remote management tools to deploy Sodinokibi ransomware on their customers’ systems.

The incident came to light after some of the impacted MSPs reported in a subreddit on Reddit dedicated to MSPs.

The big picture

Kyle Hanslovan, co-founder and CEO of Huntress Lab, analyzed the incidents and revealed the following,

  • Attackers compromised the MSPs via exposed RDP endpoints.
  • Upon compromise, attackers gained escalated privileges and uninstalled antivirus products such as ESET and Webroot.
  • The attackers then searched for remote management tools used by MSPs to manage remotely-located workstations of their customers.
  • They then abused the remote management tools to execute a Powershell script on customers’ systems.
  • The malicious script downloaded and installed the Sodinokibi ransomware on customer endpoints.
  • The abused remote management tools include Webroot SecureAnywhere and Kaseya VSA.

“Two companies mentioned only the hosts running Webroot were infected. Considering Webroot’s management console allows administrators to remotely download and execute files to endpoints, this seems like a plausible attack vector,” Hanslovan said.

Webroot makes 2FA mandatory

After the incident, Webroot mandated enabling two-factor authentication (2FA) for accounts in order to prevent hackers from using any other potentially hijacked accounts to deploy ransomware.

“Recently, Webroot’s Advanced Malware Removal team discovered that a small number of customers were impacted by a threat actor exploiting a combination of customers’ weak cyber hygiene practices around authentication and RDP,” Chad Bacher, SVP of Products at WEBROOT told ZDNet via email.

“To ensure the best protection for the entire Webroot customer community, we decided it is time to make two-factor authentication mandatory. We did this by conducting a console logout and software update the morning of June 20,” Bacher added.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket