The Internet is becoming an increasingly scary place to do business. The new trend in “ransomware” started getting popular attention when the Cryptolocker virus began spreading. Instead of an attack where the user’s computer was used as a resource or made part of a larger botnet, a user’s information was held hostage, requiring the user to restore from backup or else pay the criminal a ransom to release the hold on their computer. This new strategy on the part of attackers was bold and different, moving from what could have been considered a passive attack to a much more direct one.
Taking this trend to the next level was a recent attack on CodeSpaces.com. Using a Distributed Denial of Service (DDoS) attack, attackers took the website offline. While the organization was distracted by this attack, the attackers moved on to the Amazon Web Services Control Panel and gained access to all the system data. At this point, the attackers demanded a ransom from CodeSpaces. When CodeSpaces moved to repel the attack by changing the control panel’s password, the attackers used a series of alternate accounts they had created to begin deleting data from Amazon, and destroyed years of work across CodeSpaces customers. Ultimately, CodeSpaces has been forced to close its business operations.
Improper security management causes this kind of incident. Of course, any conversation about security must start with proper backup procedures, including disaster recovery planning. Ensuring data is properly backed up, including in multiple locations, would prevent this kind of incident. MSPs can use software like SolarWinds Backup to deliver a service that allows for restoration after incidents like these.
Preventing this from happening, however, is the other half of the equation. While restoration is important, if we can deliver a service to prevent this kind of attack from occurring in the first place, we can prevent significant downtime.
Layered security is the only approach that works. Security is an ongoing process, and requires diligence and attention. The basics start with anti-virus software, properly configured and updated regularly. SolarWinds RMM Managed Antivirus is one such solution. This can then be augmented by blocking threats transmitted by email, so that malicious payloads are never delivered to users. SolarWinds Mail Assure is a product that can add that level of security.
Adding specific protections against visiting websites that deliver security threats prevents users from downloading malware. Most attacks are preventable by blocking access to those rogue websites. Adding Web protection, which is now available from within the RMM dashboard, helps solve this problem. Web protection uses policy-based protection to prevent users from accessing categories of sites that are not allowed. Additionally, alerts can be set up for excessive bandwidth usage, ensuring the administrator is alerted in the event of an incident.
Finally, we can watch for incidents, using technology such as the “Hacker Check” built into SolarWinds RMM, to ensure that systems are not being penetrated. If we can alert on a problem before it happens, we can stop the attacker from gaining control over the system.
A well-rounded managed security offering can help prevent incidents. With threats ever increasing, moving now into actual ransom demands, MSPs must deliver next-generation services to assist their customers in preventing costly mistakes – mistakes that can drive a company out of business, as shown by CodeSpaces’ experience.