Cynexlink Clients are Safe from the Kaseya Hack


Many of you may have read over the weekend that an IT infrastructure management company called Kaseya was successfully breached by a ransomware hack. This event potentially impacted thousands of companies because their IT managers – MSPs like us – used that Kaseya tool to monitor their clients’ networks.

All Cynexlink clients should take comfort in knowing this: you have ZERO exposure to this event.

Note: if you are visiting our site for the first time, your current MSP uses Kaseya VSA, and you are looking to make a change, the quickest way is to contact us here. We have created a special offer for Kaseya clients and we will reply immediately to help your organization chart a rapid path to IT safety.

The article below provides a quick background on what Kaseya does and why this breach is potentially so far-reaching, as well as why we weren’t completely stunned by news of this breach.

Who & What is Kaseya?

All Managed Service Providers (MSPs) like Cynexlink use various software solutions to manage and monitor their clients’ networks for patching, operating system status, data backup, email spam protection and much more.

The primary monitoring software used by companies like ours is an RMM solution, which stands for Remote Monitoring and Management. Such a tool helps provide us visibility at scale, reporting, automation, efficiency and more. While an RMM solution is merely one tool in the toolbelt of an IT solutions provider like us, it serves as the heartbeat of the MSP’s tech stack.

Kaseya’s RMM product, which they call VSA, is what was breached. This means that not only were all of Kaseya’s MSP clients put at risk, so too were all the end clients of those MSPs! Initial reports said 200 companies were impacted by this breach; we will be very surprised if that figure doesn’t end up far higher when the dust settles.

Familiar names of RMM solution providers include smaller companies like NinjaRMM, N-Able and Atera, while the two biggest, most credible players are ConnectWise and Datto. We use Datto because their RMM tool, Autotask, is our industry’s gold standard.

Kaseya’s Place in the IT Universe

Kaseya has been working feverishly to move up into the top-tier IT provider category alongside Datto and ConnectWise, which is why it attracted so much private equity interest a couple years ago.

Behind the scenes, there has been a ton of consolidation in our industry over the last few years, and it has centered on these RMM tools – either as acquirers or acquirees – driven by economies of scale. By adding firewall management, backup and recovery, cybersecurity tools and more to an RMM under one roof, the potential for growth is staggering. This is why Kaseya has raised over $500MM over the last 2+ years: to grab a piece of that market.

The path to providing more and more IT solutions beyond the RMM tool comes down to a choice between building it and buying it. Kaseya chose to raise money and buy.

With all that fresh PE money, Kaseya went on a torrid acquisition spree, buying backup providers, cybersecurity companies, anti-phishing solutions, network assessment programs and more. The management challenge with such consolidation plays, however, is huge: not only do company cultures have to be merged, so do all the business units, product features and technologies used. In such a growth-first environment, key details can be missed without any ill intent whatsoever.

Indeed, our team spends more than 500 hours per year in training and product review sessions in order to stay up on the latest technology and cybersecurity solutions for our clients. When a new, better tool comes along in a category, it gets added to our tech stack and the previous leader gets the boot… being able to monitor IT advancements is one of the big advantages of hiring a firm like ours.

As part of our ongoing IT vetting process, we have assessed a number of Kaseya products in the last couple of years. We won't be too specific, since we don't want to drive the stiletto in too hard at this moment in time, but there were definitely some warning signs that key details were being missed.

Massive Business Challenges Remain

It will be interesting to see how Kaseya simply survives this high-profile event.

In the short term, there is the issue of the $70 million ransom the hackers are demanding to release the stolen data.

Next, every MSP client of Kaseya must be exploring a move to a competitor this morning, but a systemic transfer of that kind is no overnight project. If those MSPs don’t move, however, their end clients will wonder how their IT provider can stay put — or how they can continue to work with, and have confidence in, an MSP that won’t leave Kaseya.

Maybe all of this can be fixed with a little P.R. and a lot more of what matters — actual cybersecurity investment and restructuring. Only time will tell.

For those end clients who don’t want to wait and need help getting away from Kaseya, contact us for a special offer for Kaseya clients only, as well as a simple 3-step, 3-week plan to provide a port in a storm for your network and data.

Everything You Want to Know About a Botnet Attack


It is no secret that botnet attacks have become significant security threats, but what are they, exactly?

What is a Botnet Attack?

A botnet attack is performed by hackers using a collection of malware-infected devices, often called “zombies,” that the attackers control. We often think of servers and computers being used in such an attack, but increasingly IoT devices like cameras, thermostats and more can help form botnet clusters.

Threat actors gain access to a device by using particular viruses to weaken the computer’s security system before executing “command and control software” to let them conduct their malicious activities on a large scale.

These activities can be automated to carry out countless simultaneous attacks, paralyzing infected devices for ransom or damage, while the vast botnet network disguises the attackers’ identity.

A botnet is used in many cybercrimes, such as exploitation for financial gain, malware propagation, or general disruption of the Internet.

Botnet attacks are launched in many ways, including:

  • Spam Emails

A spam campaign can be run by having some bots pose as content servers while others act as SMTP servers. A spam campaign includes message templates, a senders list, and a recipient list.

  • Launching a DDoS Attack

A Distributed Denial of Service (DDoS) attack is another type of botnet attack launched on a website, company or government. It is conducted by sending so many requests for content that the targeted server or website is overwhelmed and shuts down.

  • Ad Fraud

Cybercriminals can utilize the combined processing power of botnets to run fraudulent advertising schemes that generate clicks in order to collect a percentage of ad fees.

  • Distributing Spyware, Malware, and Ransomware

Botnet attacks are also conducted to distribute spyware, ransomware, and malware.

  • Selling and Renting

Believe it or not, botnets can be found for sale on the dark web for other cybercriminals to exploit!

How to Detect a Botnet Attack

Botnet attacks are very difficult to identify because they run with a central server controlling every bot in a command and control model.

For such attacks, the first critical step is to recognize the attack immediately and track down that central server. Static analysis methods can be useful for spotting infections on devices. These are run when the device isn’t executing any programs and include searching for malware signatures, for suspicious connections to command and control servers that are polled for instructions, and for suspicious executable files.

The best antivirus programs can also help detect botnet attacks to some extent, yet most cannot spot infected devices. Another interesting strategy is using honeypots, which are fake systems that lure a botnet attack through a fake penetration opportunity in order to help identify threats in the first place. For bigger botnet attacks, such as the Mirai botnet attack, ISPs in some cases cooperate to identify the flow of traffic and find a way to stop the attacks.
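As an added illustration of tracking down the central control server (this example is not part of the original article), the Python code below scans constructed flow records for an external address that several internal devices contact on a near-constant timer. The record layout, the addresses (documentation ranges), and the thresholds `min_hosts` and `max_jitter` are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_flows():
    """Constructed records: (epoch_seconds, internal_src, external_dst)."""
    flows = []
    # Three devices check in with the same server every 300 seconds.
    for i, src in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        for k in range(6):
            flows.append((1000 + i * 7 + k * 300, src, "203.0.113.50"))
    # Ordinary browsing from one device: irregular timing.
    for t in (1010, 1025, 1400, 1460, 2900):
        flows.append((t, "10.0.0.11", "198.51.100.7"))
    # A scheduled update check: regular, but only one device does it.
    for k in range(6):
        flows.append((1200 + k * 600, "10.0.0.14", "198.51.100.20"))
    return flows

def is_periodic(times, max_jitter=0.1, min_events=4):
    """True when the gaps between events are nearly constant."""
    if len(times) < min_events:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    # Relative spread of the gaps: 0 means a perfectly regular timer.
    return avg > 0 and pstdev(gaps) / avg <= max_jitter

def find_c2_candidates(flows, min_hosts=3):
    """Map each suspicious destination to the internal hosts beaconing to it."""
    by_dst = defaultdict(lambda: defaultdict(list))
    for ts, src, dst in flows:
        by_dst[dst][src].append(ts)
    candidates = {}
    for dst, per_src in by_dst.items():
        beaconing = sorted(s for s, ts in per_src.items() if is_periodic(ts))
        # One regular client is normal; many hosts on the same timer is not.
        if len(beaconing) >= min_hosts:
            candidates[dst] = beaconing
    return candidates

if __name__ == "__main__":
    for dst, hosts in find_c2_candidates(build_sample_flows()).items():
        print(f"{dst}: periodic check-ins from {len(hosts)} hosts: {', '.join(hosts)}")
```

A hit is a lead for investigation rather than proof, since legitimate services such as update or telemetry endpoints can also be contacted on a schedule by many devices.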

For most companies, it is critical to work with a cybersecurity firm with the expertise to recognize ongoing threats and compromised devices within the organization.

How to Prevent Botnet Attacks?

  1. Emphasize Cybersecurity Education

For companies of all sizes, training their people is key. Employees should be trained to report unauthorized emails to the IT team, to spot phishing emails, not to use public Wi-Fi without using a VPN, and more.

  2. Keep All Software Up-to-Date

Software patches should always be applied promptly – beyond your browser and operating system, don’t forget to update antivirus protection, too!

  3. Spam Filtering

Email filtering solutions should be enabled to prevent most malicious messages from getting into email inboxes. The more messages that are blocked, the less risk there is of your staff interacting with a phishing email.

  4. Avoid Downloads from File Sharing Networks and P2P

Botnets regularly capitalize on P2P networks and file-sharing services to exploit company networks. Make sure all files are downloaded only from trusted sources and that they are scanned before and after downloading.

  5. Control Access

Use multi-factor, risk-based authentication and other safe practices for access controls to prevent a successful botnet invasion on one machine from affecting the entire network.
