800.584.4279

Suite3 response to vulnerability targeting MSPs

In the past two weeks there has been news of a security vulnerability in our industry of which you may or may not be aware. We are proactively addressing this development by reviewing our security arrangements and applying additional protection measures where appropriate. We want you to rest assured that our systems are secure.

Discussing the timeline of events related to this vulnerability is likely helpful from a context perspective.  This vulnerability began in April of 2017 when the US Government warned US businesses of increased levels of cyber-enabled theft being carried out by a group of Chinese cyber actors:

https://www.us-cert.gov/ncas/alerts/TA17-117A

Because of this warning and an increase in reported ransomware and e-mail compromise attacks affecting businesses of all sizes and in all industries, we began stepping up our recommendations for clients, such as conducting user security awareness training, implementing multi-factor authentication, and reviewing their cyber insurance policies. Next, in October of 2018 the US Government issued an alert specific to Managed Service Providers like Suite3:

https://www.us-cert.gov/ncas/alerts/TA18-276B

By December 21, 2018, at least nine global MSPs including Hewlett Packard and IBM announced that they were affected by attacks from China’s APT10 group:

https://www.zdnet.com/article/at-least-nine-global-msps-hit-in-apt10-attacks-acsc/

More recently, in the past week there have been reports of small MSPs being compromised:

https://www.zdnet.com/article/gandcrab-ransomware-gang-infects-customers-of-remote-it-support-firms/

This most recent “GandCrab” ransomware attack takes advantage of a very specific vulnerability discovered in 2017 in the integration between two common MSP tools: Connectwise Professional Service Automation software and the Kaseya VSA Remote Monitoring and Management Platform. Unfortunately, not everyone in our industry properly addressed this issue which is why we are now seeing this in the news.

Please note: Suite3 does not leverage the Kaseya VSA platform and is not affected by this vulnerability. However, even though we weren’t affected, we are not resting on our laurels. Instead, we are taking the lessons learned from this attack to further improve our security configuration and practices.

Suite3 takes cyber security very seriously in how we protect our business, and yours as well.

Please let feel free to contact us with any questions, to discuss more details about our cyber security, or to discuss cyber security awareness training.