#61 – How to Make Sure that Your IT Provider Is Not A Ransomware Target


img_4479

EFFECTED USERS: Anyone who uses email

Hair of fire 3 of 5

SUMMARY: A ransomware attack effected email for millions, and it was just out of date software that let the hackers in.

Rackspace Technology, a cloud service provider, suffered a ransomware attack in December 2022, which caused email outages for some of its clients. The company reported that a small number of its dedicated hosting customers were affected, but thousands of clients migrated to its cloud services. Rackspace stated that it was able to restore affected systems quickly and that no customer data was compromised. The company did not disclose whether a ransom was paid to the attackers.

According to an article in CPO Magazine article, the Rackspace ransomware attack highlights the need for organizations to have a comprehensive cybersecurity strategy and to regularly review and update their security measures.

Former Microsoft employee and security researcher Kevin Beaumont stated that the Rackspace ransomware attack leveraged the ProxyNotShell Microsoft Exchange vulnerabilities According to Beaumont, Rackspace’s Microsoft Exchange servers had build numbers predating the ProxyNotShell vulnerability. He estimated that thousands of small and medium businesses had been impacted by Rackspace email outages.

Source: https://www.cpomagazine.com/cyber-security/rackspace-ransomware-attack-caused-email-outages-thousands-of-customers-migrated-to-cloud-services/

Here with me to discuss this today is: Yaniv Bar-Dayan.
Yaniv is the CEO and co-founder of Vulcan Cyber, a cyber risk vulnerability management platform. Yaniv is also a veteran of an elite Israeli military intelligence unit and has led numerous high-value cyber security projects throughout his career.

Welcome Yaniv.

So, What happened at Rackspace?

  • Servers not updated after Microsoft patched a vulnerability. The hackers found and exploited this unpatched system.

Questions to ask of MSP’s:

  • What is your vulnerability management policy?
  • Identity and access policy?
  • What is your Service Level Agreement (SLA) policy? Uptime? Data protection?
  • What is your disaster recovery policy?

Here are some Google/Bing Search terms to learn more:

  • “templates for vulnerability management programs”
  • “how do I hold my MSP Accountable to their vulnerability managment policy

OTHER RESOURCES

Yaniv’s LinkedIn: https://www.linkedin.com/in/ybd/ 

Yaniv’s Company – Vulcan Cyber: https://vulcan.io/ 

Vulcan Cyber Blog: https://vulcan.io/blog/ 

Vulcan Cyber Twitter: https://twitter.com/vulcancyber

Free Vulcan Account: https://vulcan.io/lp/vulcan-free/

That’s all the time we have!

Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io

Thanks for listening.

Published by

David W. Schropfer

David W. Schropfer is the CEO of SAFE (Smartphone Authentication For Everyone), a cybersecurity company in New York (www.theSafe.io).  Every day, he and his team of professionals keep the people who use The SAFE Button protected from some of the most common traps, hacks and attacks that target computer systems of all sizes. David is the author of the bestselling cybersecurity book, Digital Habits: 5 Simple Tips to Help Keep You and Your Information Safe Online. His previous books, including The Smartphone Wallet and industry whitepapers, predicted some of the biggest trends in the payments, mobile, and security industries.  Since graduating Boston College, David earned an Executive MBA from the University of Miami.

One thought on “#61 – How to Make Sure that Your IT Provider Is Not A Ransomware Target

  1. Pingback: Cybersecurity Expert Yaniv Bar-Dayan on DIY Cyber Guy – DIY CyberGuy with David W. Schropfer

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.