Accenture, the global IT consulting firm with a Top 250 MSSP business unit, briefly described a data breach in an SEC filing, and said the incident had no material impact on Accenture or customer operations.
Accenture's 10-K filing, dated October 15, 2021, stated:
"For example, as previously reported, during the fourth quarter of fiscal 2021, we identified irregular activity in one of our environments, which included the extraction of proprietary information by a third party, some of which was made available to the public by the third party. In addition, our clients have experienced, and may in the future experience, breaches of systems and cloud-based services enabled by or provided by us. To date these incidents have not had a material impact on our or our clients’ operations; however, there is no assurance that such impacts will not be material in the future, and such incidents have in the past and may in the future have the impacts discussed below."
The additional information, on page 15 of the filing, outlines a range of common cybersecurity and data risks that face companies such as Accenture.
BleepingComputer claims that the Accenture filing confirmed a LockBit ransomware attack against the IT consulting firm. But MSSP Alert did not see a LockBit mention in the SEC filing (did we miss something?).
The LockBit ransomware gang claimed to have stolen six terabytes of data from Accenture's network and demanded a $50 million ransom, BleepingComputer added.
How MSPs and MSSPs Can Prevent Ransomware Attacks
Cyberattacks against IT service providers and their downstream customers represent a "revolutionary change" in nation-state tactics, Microsoft said in a recent report.
In particular, attacks on IT service providers are part of a wider net Russia is casting that has seen Moscow-supported threat actors successfully execute cyberattacks at an alarming rate, Microsoft said in its Digital Defense Report.
To mitigate the risk of ransomware attacks, the FBI and CISA say MSSPs and MSPs should take these seven steps:
- require multi-factor authentication (MFA);
- implement network segmentation;
- scan for vulnerabilities and keep software updated;
- remove unnecessary applications and apply controls — and be sure to investigate any unauthorized software, particularly remote desktop or remote monitoring and management software;
- implement endpoint and detection response tools;
- limit access to resources over the network, especially by restricting RDP; and
- secure user accounts.
How MSPs and MSSPs Can Respond to and Recover From Ransomware Attacks
If a ransomware incident occurs, CISA, the FBI and the NSA recommend the following four actions:
- Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office.
- Apply incident response best practices found in the joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.