Texas CISO: 5 MSP Lessons After Ransomware Attack
Texas Chief Information Security Officer (CISO) Nancy Rainosek has offered five MSP-oriented lessons after 22 Texas government agencies suffered ransomware attacks in August 2019.
Rainosek’s recommendations, according to BankInfoSecurity:
- “Only allow authentication to remote access software from inside the provider’s network;
- Use two-factor authentication on remote administration tools and virtual private network tunnels – VPNs – rather than remote desktop protocols;
- Block inbound network traffic from Tor exit nodes;
- Block outbound network traffic to Pastebin;
- Use endpoint detection and response to detect PowerShell running unusual processes.”
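The last three recommendations can also be checked against existing logs. The sketch below is an added example, not code from Rainosek, the Texas DIR or BankInfoSecurity. It assumes a hypothetical normalized event schema, and every IP address, path and allow-list entry in it is constructed.

```python
import ntpath

# Constructed sample data: documentation-range IPs, not real indicators.
TOR_EXITS = {"203.0.113.7", "198.51.100.23"}  # stand-in for a current Tor exit list
BLOCKED_DOMAINS = {"pastebin.com"}
# Assumption: children PowerShell normally spawns on this estate; tune per environment.
EXPECTED_PS_CHILDREN = {"conhost.exe", "powershell.exe"}
PS_IMAGES = {"powershell.exe", "pwsh.exe"}

def domain_blocked(host):
    """True for a blocked domain or any subdomain (case and trailing dot ignored)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def image_name(path):
    """Lower-cased basename of a Windows image path (works on any OS)."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return the name of the rule an event matches, or None."""
    kind = event["kind"]
    if kind == "inbound" and event["src_ip"] in TOR_EXITS:
        return "inbound-from-tor-exit"
    if kind == "outbound" and domain_blocked(event["dst_host"]):
        return "outbound-to-pastebin"
    if (kind == "process" and image_name(event["parent"]) in PS_IMAGES
            and image_name(event["image"]) not in EXPECTED_PS_CHILDREN):
        return "powershell-unusual-child"
    return None

def triage(events):
    """Return (index, rule) for every event that matches a rule."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]

# Constructed events in the hypothetical schema described above.
SAMPLE_EVENTS = [
    {"kind": "inbound", "src_ip": "203.0.113.7", "dst_port": 3389},
    {"kind": "inbound", "src_ip": "192.0.2.10", "dst_port": 443},
    {"kind": "outbound", "dst_host": "Pastebin.com."},
    {"kind": "outbound", "dst_host": "notpastebin.com"},
    {"kind": "process", "image": r"C:\Windows\System32\net.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"},
    {"kind": "process", "image": r"C:\Windows\System32\net.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"kind": "process", "image": r"C:\Windows\System32\conhost.exe",
     "parent": r"C:\Program Files\PowerShell\7\pwsh.exe"},
]

if __name__ == "__main__":
    for idx, rule in triage(SAMPLE_EVENTS):
        print(idx, rule, SAMPLE_EVENTS[idx])
```

A hit on either network rule after the blocks are in place means a firewall or proxy path is bypassing them.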
Rainosek has overseen all cybersecurity matters for the state of Texas since January 2017, according to StateScoop.
More than half of the 22 Texas government agencies that suffered ransomware attacks in August 2019 have now returned to normal operations, the report says. MSSP Alert is striving to determine how long it will take for the remaining agencies to recover, and whether the recoveries will be complete.
Ransomware Attacks Government Infrastructure
Ransomware attacks continue to plague federal, state and local government agencies across the United States.
The fallout so far: As of July 2019, ransomware attacks have hit at least 170 county, city, or state government systems in the United States since 2013. Moreover, 22 of those attacks occurred in the first half of 2019, according to the U.S. Conference of Mayors.
The most recent attacks have hit these U.S. cities.
Those mayors have vowed to stop paying ransomware demands from hackers, but those same mayors will need to boost their cybersecurity and business continuity stances in order to ensure they can maintain such a vow.
MSPs Also Suffer Ransomware Attacks
MSPs have also suffered ransomware attacks in recent months. The fallout has included:
- An MSP paying hackers $150,000 to unlock data;
- Hackers specifically targeting MSP software platforms to launch ransomware attacks; and
- Ryuk ransomware hitting a CSP that works closely with MSPs.
Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.
Amid that threat landscape, MSP software providers and their channel partners are increasingly activating two-factor authentication as a means to stop hackers from entering systems.
“Only allow authentication to remote access software from inside the provider’s network;”
Is there a reason to mention here “authentication”? Or does she ‘solely’ mean “connections”, in the sense that one should only allow connections to remote networks from inside the provider’s network.
Hi Andre: We’ve reached out to the Texas DIR and office of the CISO for more thoughts. If we hear anything, I’ll post a comment update here.