Intelligent CIO North America Issue 13 | Page 33

EDITOR’S QUESTION
MARK LOMAN, SOPHOS DIRECTOR OF ENGINEERING

Sophos is actively investigating the attack on Kaseya, which we see as a supply chain distribution attack.

The adversaries are using MSPs as their distribution method to hit as many businesses as possible, regardless of size or industry type. This is a pattern we’re starting to see as attackers are constantly changing their methods for maximum impact, whether for financial reward, stealing data credentials and other proprietary information that they could later leverage, and more. In other widescale attacks we’ve seen in the industry, such as WannaCry, the ransomware itself was the distributor – in this case, MSPs using a widely used IT management are the conduit.
Some successful ransomware attackers have raked in millions of dollars in ransom money, potentially allowing them to purchase highly valuable zero-day exploits. Certain exploits are usually only deemed attainable by nation-states. Where ‘nation-states’ would sparingly use them for a specific isolated attack, in the hands of cybercriminals, an exploit for a vulnerability in a global platform can disrupt many businesses at once and have impact on our daily lives.
A day after the attack, it became more evident that an affiliate of the REvil Ransomware-as-a-Service (RaaS) leveraged a zero-day exploit that allowed it to distribute the ransomware via Kaseya’s Virtual Systems Administrator (VSA) software. Usually, this software offers a highly trusted communication channel that allows MSPs unlimited privileged access to help many businesses with their IT environments.