Tag Archives: MSP

Security News for the Week Ending January 31, 2020

UK Proposes Weak Security Law for IoT Devices; Calls it Strong

The UK is proposing a law similar to California’s existing IoT law and calls it strong security. What makes it strong is that they call it strong, maybe?

The bill requires that default passwords on IoT devices be unique (likely part of the serial number) and not resettable to a single default password.  It also requires the manufacturer to provide a public point of contact for security researchers to report bugs and finally it requires manufacturers to tell consumers the minimum length of time they will provide security updates.

It does not require that they fix reported bugs at all and it doesn’t say how often the manufacturer will provide security updates. It also doesn’t make manufacturers liable for the damage their bugs do.

All in all, it is a pretty weak bill and even so, it has not been enacted yet.  Source: The UK Gov web site.

 

Business Email Compromise victim sues MSP for Professional Negligence

A Business Email Compromise victim who paid fake invoices to the tune of $1.7 million to businesses in Hong Kong and Cambodia is suing its managed service provider (MSP) for messing up. The fake invoices came from the business owner’s hacked email account, which the MSP was supposed to protect. Source: Channel Futures

 

Travelex Says They Are Back Online

After a MONTH of downtime, Travelex says they are now back online.  They are still saying that it won’t impact their 2019 or 2020 financials.  Sources say that part of the losses will be covered by insurance.  This calls out the importance of having a tested incident response, disaster recovery and business continuity program – and the importance of having cyber insurance.  Source: Reuters

 

Apple Dropped Plans to Encrypt Cloud Backup After FBI Complained

Apple dropped plans to fully encrypt iCloud backups after the FBI told them that it would harm investigations, according to multiple sources. Apple often turns over iCloud backups to help police investigate crimes.

While Apple publicly says it protects your privacy and in many ways they do, sometimes they make business decisions that they would prefer their customers not know about. Source: Reuters

 

Extradition Hearing for Huawei’s CFO has Begun in Canada

The extradition hearings for Huawei’s CFO and daughter of its founder, Meng Wanzhou, have begun in Canada.

The U.S. says that she and her company violated the U.S. ban on selling to Iran.  China says it is a political stunt.

Currently, she is free on bail and living in one of the mansions she owns in Vancouver.  If she gets extradited to the U.S. her accommodations will not be as comfortable.

On the other hand, President Trump has indicated that all things with China are bargaining chips.  Stay tuned;  it is a long journey.  Source: The L.A. Times

Is This Becoming a Thing? Another MSP Ransomed

A couple of weeks ago it was a Managed Service Provider in Denver. A few weeks before that, it was one in Wisconsin. This week it is Irvine, CA-based Synoptek, with more than 1,100 customers including state and local governments, financial services and healthcare. Their web site says that they did more than $100 million in business last year.

Someone captured a Tweet of theirs before they deleted it:

Now that they were hit by a ransomware attack which encrypted customer data on Christmas Eve, they probably wish they had taken their own advice.

They are being very quiet about the whole thing, but reports say that it infected a subset of their customers and that they paid the ransom.  Hopefully they have insurance to cover the cost.

Unlike the attack in Colorado, it looks like these guys were better prepared and were able to contain the attack and are working quickly to mitigate it.

Several thoughts here:

  • It looks like this *IS* becoming a thing because for an MSP, if they don’t pay the ransom, if they don’t decrypt their clients’ data, if they don’t minimize the consequences, they are likely out of business.  From an attacker’s standpoint, this is THE BEST scenario.
  • Since there are likely tens of thousands of these service providers out there, from mom & pop shops to a few hundred employees (Synoptek has about 700 people), there is no shortage of opportunities.
  • As an MSP’s customer, you want to ask those embarrassing questions like do you have insurance, are you prepared and how long would I be down?
  • This attack also went after the remote control software, which is a weak spot for MSPs.  There are some options when it comes to this, so you might want to ask questions.
  • When it comes to *YOU*, you need to make sure you are prepared:
      • Do you have your own backups?
      • Do you have a monitoring and alerting system to detect the problem quickly (we have a cost-effective solution)?
      • What is your plan if one or more of your service providers is down for a day? For a week? For a couple of weeks? Goes out of business?
      • Can you continue to do business while you are down?
  • While the total number of businesses impacted by just these three attacks that did hit the news is around, best guess, one thousand companies, that is just 3 attacks.  This will likely get uglier before it gets better.

And just to lighten things up a bit, check out this YouTube clip from the animated movie Hoodwinked.  He has a good suggestion – https://www.youtube.com/watch?v=HUIP208nZZs

Source: Brian Krebs