Networking, Content

Webroot 2FA Now Mandatory As Hackers Target MSPs

Webroot has made two-factor authentication mandatory as attackers continue to target MSP software platforms in a bid to spread ransomware across end-customer systems, the cybersecurity company confirmed to ChannelE2E and MSSP Alert.

In a statement to ChannelE2E, Webroot was quick to assure MSPs (managed IT service providers) and customers that the company "was not breached and our products were not compromised." Also, the company pointed to its new mandatory stance on two-factor authentication (2FA) amid recent "threat actor" activity.

Webroot SVP Chad Bacher
Webroot SVP Chad Bacher

Chad Bacher, SVP of products, Webroot, a Carbonite company, said:

"We all know that two-factor authentication (2FA) is a cyber hygiene best practice, and we’ve encouraged customers to use the Webroot Management Console’s built-in 2FA for some time.

Recently, Webroot’s Advanced Malware Removal team discovered that a small number of customers were impacted by a threat actor exploiting a combination of customers’ weak cyber hygiene practices around authentication and RDP.

To ensure the best protection for the entire Webroot customer community, we decided it is time to make two-factor authentication mandatory. We did this by conducting a console logout and software update the morning of June 20.

We are always closely monitoring the threat environment, and will continue to take proactive measures like this to provide the best protection possible for customers."

FBI, Department of Homeland Security Warning to MSPs

Hackers have repeatedly targeted MSP software, management consoles, remote control systems and RMM (remote monitoring and management) platforms to target end-customer systems with ransomware, according to an FBI and U.S. Department of Homeland Security warning to MSPs.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.