The 2021 4th of July holiday week was marked by two widespread cybersecurity incidents: the Kaseya ransomware attack and the Windows PrintNightmare (Print Spooler) vulnerability. While Microsoft quickly released an emergency, “out-of-band” patch for the Windows printer vulnerability, many businesses remain exposed to security compromises.
The Windows Print Spooler vulnerability, identified on July 1, could allow an attacker to install programs; view, change, and delete data; and create new accounts with full user rights. Microsoft confirmed the vulnerability existed in all Windows versions, but noted that it could only be exploited by an authenticated user. Then on July 6, Microsoft announced a patch, or “security updates,” for the so-named PrintNightmare. While the fixes did not address Windows 10 version 1607, Windows Server 2012, or Windows Server 2016, Microsoft indicated that updates for those versions were forthcoming. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) first issued guidance encouraging administrators to disable the Windows Print Spooler service on domain controllers and systems that do not print, then advised applying the Windows patch immediately upon its release.
More devastating and unresolved is the Kaseya ransomware attack that occurred on July 2. Kaseya is a software solution used by managed service providers and enterprises to remotely manage and monitor computers running Windows, OS X, and Linux operating systems. As such, the supply chain attack gave hackers access to thousands of small and medium-sized businesses, many of which outsource their IT services to managed service providers leveraging this technology and were likely unaware Kaseya was at work in their organizations.
When the incident was first announced, it was estimated that about 40 Kaseya users were victims of the ransomware attack. By Monday, July 5, the number was increased to 50. But because Kaseya is “hidden” behind the third-party service provider, it was determined that the attack impacts more than 1,500 businesses. By the time these businesses feel the effects, their service providers, whom they would normally turn to for a solution, will also be incapacitated and unable to help.
Businesses have been too dependent on their IT managed service providers, including expecting triage services in the event of a cyberattack while failing to consider the implications of such an incident on their operations. Providers, unable to protect themselves, won’t be able to help their clients. While vendor risk management has taken leaps forward, many small and medium-sized businesses are still catching up, still relying too much on their vendors and failing to vet and monitor their service providers’ cyber posture.
Simply put, your cybersecurity is your responsibility. It starts and ends with you. Of course, you will use consultants and service providers, but get involved, ask questions, and implement a cybersecurity program of your own. Your cyber posture should be complemented and enhanced by these service providers, not reliant on them.
While there is no one-size-fits-all cybersecurity program, you can implement some fundamental measures to reduce risk and help your organization prevent, detect, respond to, and recover from cyber incidents. HBK Risk Advisory Services can help. Contact us at (724) 934-5300 or email me at firstname.lastname@example.org.