EFFECTED USERS: Anyone who uses email
Hair of fire 3 of 5
SUMMARY: A ransomware attack effected email for millions, and it was just out of date software that let the hackers in.
Rackspace Technology, a cloud service provider, suffered a ransomware attack in December 2022, which caused email outages for some of its clients. The company reported that a small number of its dedicated hosting customers were affected, but thousands of clients migrated to its cloud services. Rackspace stated that it was able to restore affected systems quickly and that no customer data was compromised. The company did not disclose whether a ransom was paid to the attackers.
According to an article in CPO Magazine article, the Rackspace ransomware attack highlights the need for organizations to have a comprehensive cybersecurity strategy and to regularly review and update their security measures.
Former Microsoft employee and security researcher Kevin Beaumont stated that the Rackspace ransomware attack leveraged the ProxyNotShell Microsoft Exchange vulnerabilities According to Beaumont, Rackspace’s Microsoft Exchange servers had build numbers predating the ProxyNotShell vulnerability. He estimated that thousands of small and medium businesses had been impacted by Rackspace email outages.
So, What happened at Rackspace?
- Servers not updated after Microsoft patched a vulnerability. The hackers found and exploited this unpatched system.
Questions to ask of MSP’s:
- What is your vulnerability management policy?
- Identity and access policy?
- What is your Service Level Agreement (SLA) policy? Uptime? Data protection?
- What is your disaster recovery policy?
Here are some Google/Bing Search terms to learn more:
- “templates for vulnerability management programs”
- “how do I hold my MSP Accountable to their vulnerability managment policy
Yaniv’s LinkedIn: https://www.linkedin.com/in/ybd/
Yaniv’s Company – Vulcan Cyber: https://vulcan.io/
Vulcan Cyber Blog: https://vulcan.io/blog/
Vulcan Cyber Twitter: https://twitter.com/vulcancyber
Free Vulcan Account: https://vulcan.io/lp/vulcan-free/
That’s all the time we have!
Don’t forget to check out our sponsor, and home of my day-job: SAFE Classroom, at http://www.thesafe.io
Thanks for listening.
One thought on “#61 – How to Make Sure that Your IT Provider Is Not A Ransomware Target”