This morning our colleagues over at IT Simplified and I were having a conversation about a Technology Service Provider (TSP) whose data is available for sale in about 12 days on the dark web.
According to its website, this company provides services to the government from its multiple locations in VA, an area with many companies that deal with government agencies.
With the spate of government-related breaches in the last month or so, we imagine this is merely the beginning of many data sales related to breached Technology Service Providers (TSPs). The typical TSP has unfettered access to client systems and data. Because of this, it's imperative that the TSP take security seriously and deploy the appropriate protections. When a TSP is breached, there is a higher-than-average likelihood that the attacker now has access to the TSP's clients and their data.
It's not just the TSP's own data that is available; it will likely include client data, which could include government data.
Based on readily available information, it would seem this Technology Service Provider (TSP) was a soft target for the Netwalker Ransomware group:
- The ConnectWise Business Management system used is self-hosted with RDP (port 3389) open (post-breach awareness), a big no-no in our world.
- The Remote Monitoring & Management System SolarWinds N-able is also self-hosted with many unnecessary ports open to the world.
- The Technology Service Provider (TSP) in question outsources its helpdesk to Collaborance (an outsourcer that outsources?).
- There is no SIEM for a post-event autopsy.
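A quick way to check your own perimeter for the first two items, as an added example that is not part of the original post: it reads an exported inbound rule list and flags RDP, or any port outside an approved set, that is reachable from the whole internet. The rule format, host labels and approved-port set are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Constructed sample export (assumed format): source CIDR, protocol, port or range, host label
SAMPLE_RULES = """\
0.0.0.0/0      tcp 443        psa-server
0.0.0.0/0      tcp 3389       psa-server   # RDP open to the world
0.0.0.0/0      tcp 8000-8100  rmm-server
203.0.113.0/24 tcp 3389       rmm-server
10.0.0.0/8     tcp 22         rmm-server
::/0           tcp 3389       psa-server
"""

APPROVED_PUBLIC_PORTS = {443}  # assumption: only HTTPS should face the internet
RDP_PORT = 3389


def parse_rule(line):
    """Split one rule line into (network, protocol, low port, high port, host)."""
    src, proto, ports, host = line.split()
    lo, _, hi = ports.partition("-")
    return ipaddress.ip_network(src, strict=False), proto, int(lo), int(hi or lo), host


def audit(rules_text):
    """Return (severity, host, ports, source) for every world-reachable problem rule."""
    findings = []
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        net, proto, lo, hi, host = parse_rule(line)
        if net.prefixlen != 0:  # only 0.0.0.0/0 and ::/0 mean "the whole internet"
            continue
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
        if lo <= RDP_PORT <= hi:
            findings.append(("critical", host, ports, str(net)))
        elif any(p not in APPROVED_PUBLIC_PORTS for p in range(lo, hi + 1)):
            findings.append(("review", host, ports, str(net)))
    return findings


if __name__ == "__main__":
    for severity, host, ports, source in audit(SAMPLE_RULES):
        print(f"{severity:8} {host:12} {proto_ports(ports) if False else ports:10} from {source}")
```

Rules limited to a specific source range are skipped here on purpose; whether those ranges are still justified is a separate review.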
Now is always the time to review what your Technology Service Provider (TSP) has access to and ensure the appropriate steps are being taken to protect itself, you and your data.
If you and your company are not Expertly Managed, perhaps you’re due for some peace of mind with Kontinuum.
Operators are standing by…