MSPs are so often the security vulnerability themselves these days, rather than being a security benefit. This isn't the first time this has happened and won't be the last.
How many people are affected this time?
SolarWinds Orion exploit was the basis of the US government hack. Kaseya here is ransomware. Is ConnectWise next?
My article isn't meant to serve as an IR report. There are links in it for incident responders looking for IOCs, but they are not the intended audience.
Large ransomware attacks hitting on-premise solutions make me suspect that perhaps there is a coordinated effort to help “push” people to the cloud.
The massive Microsoft Exchange exploit only affecting on-premise or hybrid installations. New Kaseya … on-premise installations affected…. not newer cloud offerings.
Update: After reading the actual article .. I retract my conspiratorial ramblings…
“They brought their entire cloud offline. Short of screaming "We've been hacked!" it's pretty certain that they feel its origin is them.”
On-premises solutions leave infrastructure security decisions to the customer. Unless you are a Fortune 500, extremely security conscious, or under regulatory requirements, there is a good chance your security program is not complete and has gaps. Centralized hosting and management (SaaS, PaaS model) has the advantage of security at scale. It also leaves all your eggs in one basket… On-Prem is great IF you have your shit together AND you trust your appliance management better than the cloud provider.
> IF you have your shit together AND you trust your appliance management better than the cloud provider
99.9% of Enterprise/on-prem customers do not have their shit together.
Yes, even banks and finance. I have seen banks still running XP on frontline workstations that are supposed to be on the blue network but somehow can surf the web and answer emails.
If you’re looking around trying to figure out if you can do better than the cloud/SaaS provider security-wise… you definitely can’t.
What you forget here is these SaaS companies are just that - companies. Sure, you probably are not going to exceed Microsoft’s security controls internally but there are a LOT of SaaS companies with awful security. Cloud Risk Assessments are a joke half the time because the information available/what they will share is usually pretty limited.
I have also seen fuckery comparable to exposed XP. Most companies WOULD be better trusting the black box that is the cloud.