PCM Breach: Hackers Gain Microsoft Office 365 Credentials at IT Solutions Provider
Hackers breached IT solutions provider PCM Inc. and stole Microsoft Office 365 administrative credentials for client accounts, according to Krebs on Security. It’s the latest in a growing list of cyberattacks that specifically target channel partners, MSPs (managed IT service providers) and solutions providers.
PCM apparently discovered the breach in May 2019 — about a month before Insight Enterprises announced plans to acquire PCM for $581 million. It’s unclear whether the breach was discovered as part of the M&A (merger and acquisition) due diligence process.
In a statement to KrebsOnSecurity, PCM said the company:
“recently experienced a cyber incident that impacted certain of its systems. From its investigation, impact to its systems was limited and the matter has been remediated. The incident did not impact all of PCM customers; in fact, investigation has revealed minimal-to-no impact to PCM customers. To the extent any PCM customers were potentially impacted by the incident, those PCM customers have been made aware of the incident and PCM worked with them to address any concerns they had.”
The breach allegedly involved the same hacker group that attacked Wipro. Research about that attack and other related breaches surfaced earlier this week from RiskIQ.
Breaches: MSPs, IT Solutions Providers, IT Consultants Under Attack
The IT channel and service provider markets are beginning to resemble war zones, as hackers carpet bomb the industries with all types of attacks. In many cases, the attackers use service providers to island hop across supply chains and infiltrate end-customer systems.
The fallout so far includes:
- Hackers allegedly working on behalf of China hit more than a dozen global telecom service providers;
- China hacked at least eight major technology solutions providers in a bid to access end-customer networks and steal information;
- Following one recent attack, an MSP bowed to hacker demands and paid more than $150,000 to recover data;
- In another ugly twist, some IT consulting firms and cybersecurity companies that claim to clean up ransomware are secretly paying attackers as part of their ransomware recovery services.
Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.