Government Technology Service Provider (TSP) data for sale on the dark web by Netwalker.

netwalker

This morning our colleagues over at IT Simplified and I were having a conversation about a Technology Service Provider (TSP) whose data is available for sale in about 12 days on the dark web.

This company per their website provides services to the government from across its multiple locations in VA, an area with many companies that deal with government agencies.

With the spate of government related breaches in the last month or so, we imagine this is merely the beginning of many data sales related to breached Technology Service Providers (TSP’s). The typical Technology Service Provider (TSP) have unfettered access to client systems and data. Due to this, its imperative the Technology Service Provider (TSP) take security seriously and deploy the appropriate protections. When a Technology Service Provider (TSP) is breached, there is a higher than average likelihood the attacker now has access to the Technology Service Providers (TSP’s) clients and their data.

It’s not just the Technology Service Provider (TSP) data that is available, it’ll likely be client data which could include government data.

Based on readily available information, it would seem this Technology Service Provider (TSP) was a soft target for the Netwalker Ransomware group;

  1. The ConnectWise Business Management system used is self hosted with RDP (port 3389) open (post breach awareness), a big no-no in our world.
  2. The Remote Monitoring & Management System SolarWinds N-Able is also self hosted with many unnecessary ports open to the world.
  3. The Technology Service Provider (TSP) in question outsources its helpdesk to Collaborance (outsourcer that outsources?).
  4. There is no SIEM for a post event autopsy.

Now is always the time to review what your Technology Service Provider (TSP) has access to and ensure the appropriate steps are being taken to protect themselves, you and your data.

If you and your company are not Expertly Managed, perhaps you’re due for some peace of mind with Kontinuum.

Operators are standing by…

Your Systems Aren't Expertly Managed?

PEACE OF MIND IS JUST A CLICK AWAY

Fill out the form below and we will be in touch.

GOING IT ALONE HAVE YOU FEELING OVERWHELMED?

Every day, our clients rely on Kontinuum to deliver the Peace of Mind that their technology will work how they need it to, when they need it to.

GOING IT ALONE HAVE YOU FEELING OVERWHELMED?

Every day, our clients rely on Kontinuum to deliver the Peace of Mind that their technology will work how they need it to, when they need it to.

kontinuum blue white
About us

Creating Peace of Mind® – it's why we exist. Every member of our team lives our Core Purpose and understands what it means to our clients and our own success. 

Quick Links​
  • Home

  • Expertly Managed

  • Professional Services

  • Contact

  • Support

Company
  • About

  • Blog

  • Podcast

  • Privacy Policy

  • Refund Policy

  • Terms & Conditions

  • Status

Connect