Texas Ransomware Attacks: MSP Industry On Edge
Ransomware attacks that hit 22 Texas local governments may be tied back to the MSP (managed IT services provider) industry, according to the latest chatter about the attacks.
If hackers penetrated an MSP and associated IT management software in the attacks, the news could further threaten the MSP industry’s overall credibility.
Still, it’s too early to point a definitive finger at MSPs. The mid-August attacks apparently involved one threat actor spreading ransomware across 22 local governments in Texas. A vague statement from an NPR report suggested that the hackers may have hit software used by an IT outsourcing partner.
Also, there’s speculation that the statement actually refers to the Texas Department of Information Resources (DIR) rather than an MSP as the culprit. The DIR is a sourcing organization that allows local Texas government organizations to source IT solutions. Still, the statement from a government official to NPR turned heads across the MSP industry, as service providers and their software partners seek more definitive details about the attacks.
Ransomware Attacks, Compromised Credentials and Two-Factor Authentication
Although some ransomware attacks involve software vulnerabilities, many of the attacks involve compromised user credentials (i.e., stolen user names and passwords). In response, many MSP software providers are mandating the use of two-factor authentication.
Still, a complete MSP industry shift to 2FA isn’t expected until late 2019 or early 2020 because some software vendors are late to market with the technology.
Stay tuned to ChannelE2E and MSSP Alert for ongoing updates involving the Texas local government ransomware attacks, and the potential implications for MSPs.