MSP & MSSP Industry Notes for August 23rd, 2020
MSP & MSSP Industry Notes
Sponsored by
ARCOA Group is here to help you successfully manage your IT Asset Disposition process. We help you recover value from retired electronic equipment through responsible methods of reuse and recycling. We ensure proper handling of assets which may contain data, while being environment stewards for assets that have no reuse value and are headed for recycling. We’ve built a robust de-manufacturing process to offer additional options for asset value recovery by disassembling equipment for commodity grade materials, which can be diverted from landfills and be used to create new base materials.
Canon ransomware attack update
- Bank Info Security magazine published article with update on recent event
- According to Emsisoft Security, the Maze ransomware group has posted on its Dark Web website some of the data is claims it stole from Canon USA
- Claims it posted only 5%, or 2.5GB of the data it now has possession of, and is
threatening to post most of the data if Canon does not pay ransom - Canon disclosed on 8/6/20 that it was struck by the ransomware, and has now invested in cyber incident protocols, end point threat detection and response tools
- The attack also took down many of Canon’s websites, some of which are still not operable according to article
Ricoh Canada Becomes RelativityOne Approved Data Migration Partner
- Ricoh Canada Inc.is pleased to announce it has become a RelativityOne Approved Data Migration Partner
- e-discovery platform is used by thousands of organizations around the world to manage large volumes of data and quickly identify key issues during litigation, internal investigations, and compliance projects
- Relativity has over 180,000 users in 40+ countries from organizations including the U.S. Department of Justice, more than 70 Fortune 100 companies, and 198 of the Am Law 200
TPx Communications Ranked No. 2 Among World's Most Elite 501 Managed Service Providers ...
- TPx Communicationsnamed as one of the world’s premier managed service providers, ranking No. 2 on the prestigious 2020 annual Channel Futures MSP 501 list
- To develop the 13thannual MSP 501 list, Channel Futures invited MSPs from around the globe to complete an exhaustive survey and application
- The 2020 MSP 501 list is based on data collected by Channel Futures and its sister site, Channel Partners. Data was collected online from March 1 through June 30, 2020
BriteCore and Xceedance Announce Strategic Partnership
- Announced that Xceedance has joined BriteCore's growing partner ecosystem
- BriteCore platform provides end-to-end support for P&C insurers, including core policy, billing and claims modules, agent and policyholder portals, and data and analytics capabilities
- Xceedance (xceedance.com) is a global provider of strategic consulting and managed services, technology, data sciences, and blockchain solutions to insurance organizations
Ransomware Attack On Carnival Information Technology System
- Reported on Technology Times
- Carnival, which operates AIDA, Carnival and Princess cruises among others, in a regulatory filing said the attack included unauthorized access to personal data of guests and employees.
Aeris Named MSP of the Year by Informa Tech Automotive Group, Wins TU-Automotive Award ...
- Named Mobility Services Provider (MSP) of the Year by Informa Tech Automotive Group and has won the TU-Automotive Awardfor its continued success deploying the Aeris Mobility Suite (AMS)
- The MSP of the Year Award recognizes any MSP globally that has had a stellar year between January 1, 2019 and February 19, 2020, specifically relating to their development, deployment, integration or adoption of mobility products and/or services
- AMS provides car companies with all of the software needed to build and monetize world-class connected vehicle programs
Fortinet and IBM Collaborate on SkillsBuild to Further Build Cybersecurity Skills
- Forinet to partner with IBM to integrate Fortinet’s Network Security Expert training and certification curriculum with IBM’s SkillsBuild digital platform
- An (ISC)2 poll found that 81% of respondents view security as an essential function as employees are working remotely due to COVID-19
- Provide cybersecurity training that develops skills, reskills and upskills
- Help untapped candidates launch their careers
- Connect learners to employers
- Offer further recognition of skills
CyberHero Kristi Rice Brings Cybersecurity Education to Rural Virginia
- As a CyberHero, Kristi is part of SynED'sseries highlighting cybersecurity educators who quietly go above and beyond to enrich the educational experience for their students and empower the country's next generation of cyber professionals
- Today, she focuses solely on cybersecurity education and advises the school's Cyber Knights team
- Cyber Knightsprovides students interested in cybersecurity the technical resources needed to engage and advance their computer security knowledge and skills
62% of the MSP 501 Rely on Warranty Master for Productivity, Protection & Profitability, Up 12 ...
- Warranty Master reached a notable milestone with 309 Warranty Master Partners selected as part of the Channel Futures 2020 MSP 501 rankings
- The Channel Futures MSP 501 is the world's most comprehensive ranking of managed service providers
- 62% of the MSP 501 relying on the Warranty Master application for Asset Lifecycle Management
ITC Secure Expands Executive Team with Appointment of CRO to Fuel Next Stage of Growth
Nuspire Recognized As A Contender By Leading Industry Analyst Firm
- Announced it has been recognized as a Contender in The Forrester WaveTM: Midsize Managed Security Services Providers, Q3 2020
- The report recognized Nuspire for providing "standardized and compliance-focused reporting capabilities
Konica Minolta hit by second huge ransomware attack
- Reported on IT Portal
- Japan-based business technology giant Konica Minolta was hit by a new ransomware strain, which brought its services down for almost a week
- On July 30, customers reported not being able to access the company’s product supply and support site, met instead with a “service temporarily unavailable” message
Cybersecurity Update
- The Foundation Surgical Hospital of San Antonio, TX notified an unknown number of patients that their PHI was exposed after it was inadvertently made accessible on a public website
- The federal government is warning healthcare organizations of a new fraud attempt where facilities are receiving bogus postcards with info about a mandatory HIPAA compliance risk assessment
o Postcards direct people to a fake website in attempt to steal info - Premier Health of Ohio notified an unknown number of patients that their PHI was exposed after an email phishing attack
- Imperial Valley College of California notified an unknown number of students that their info may have been exposed after ransomware attack
- Ashley County Medical Center of Crossett, Arkansas notified 772 patients that their PHI was exposed after a former employee accessed the info for malicious purposes
- Piedmont Orthopedic Clinic/OrthoAtlanta of Georgia notified an unknown number of patients that their PHI was exposed after ransomware attack
- Allergy and Asthma Clinic of Fort Worth, TX notified 69,777 patients that their PHI was exposed after hacking incident
Breitbart News is reporting that Antifa anti-police terrorists have hacked the following police departments to “Dox” their employees:
o Los Angeles Police Department
o LA County Sheriff’s Office
o Maryland’s Department of Public Safety and Correctional Services
o Minneapolis Police Department
o Santa Monica Police
o Long Beach Police
o California Highway Patrol - HP published report on security issues in healthcare vertical with following facts:
o 23% of breaches involved paper records
o 18% of companies monitor printers/MFPs for threats
o 82% of healthcare customers have dealt with cybersecurity attacks on IoT
devices
o 3 times more incidents in healthcare than other verticals in 2019
o $17 billion was total cost of all healthcare breaches in 2019
o 85% do NOT maintain audit logs of printers/MFPs
o 69% have no antimalware protection on printers/MFPs
o 55% of printers/MFPS lack security settings
o 86% do not have encryption for printers/MFPs
o 60% do not use passwords
o 50% have not printer/MFP security management
- InMotionNow Software of Morrisville, North Carolina, notified several of its customers that it had inadvertently exposed private information after it was left in unsecure cloud storage site:
o Brotherhood Mutual
o Kent State University
o Purdue University
o Potawatomi Hotel & Casino of Milwaukee, WI
o Zagg Consumer Electronics
o Freedom Forum Institute
o Myriad Genetics
o Performance Health - Olympia House Rehab Clinic of Petaluma, CA notified an unknown number of patients that their PHI was exposed after ransomware attack.
- The Center for Fertility and Gynecology in Tarzana, CA notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Researchers from GitHub and Micro Focus Fortify published report warning users of security vulnerabilities allowing hackers to achieve remote code execution:
o Microsoft SharePoint
o Altassian Confluence
o Alfresco
o dotCMS - Bleeping Computer magazine is warning of a new Russian ransomware gang known as “Avaddon” is now attacking organizations in the U.S. and other countries.
o Also reporting that RedCurl is another new Russian hacking group targeting companies in the U.S. - Adit Inc., a medical software provider, headquartered in New York City, NY, notified an unknown number of firms that 3.1 million records were inadvertently exposed on a public website, and may have been stolen by malicious actors.
- The FBI sent out an alert warning U.S. firms of an Iranian hacking group, named “Fox Kitten aka Parisite”, that it attacking high-end F5 computer networking devices
- Char49 Security is reporting that the Find My Mobile feature of Samsung smartphones can be used by hackers to intercept communications
- The SANS Cybersecurity Training Organization notified an unknown number of members that their info may have been exposed after email phishing attack.
- Wall Street Journal reported that TikTok enabled its Android app to collect millions of users’ unique identifiers for at least 15 months. TikTok is controlled by Chinese government
- The FBI and NSA published joint security alert containing details about a new strain of Linux malware that was developed by Russian hacking group, APT28, aka Fancy Bear or Sednit
o named Drovorub, is being used to plant backdoors inside hacked networks
o allows the attacker to perform many different functions, such as stealing files and remote controlling the victim's computer - Tyler C. King, age 31, of Dallas, Texas, was sentenced by Judge Tom McAvoy to 57 months in prison for hacking into of a New York-based technology company and stealing information to resell
- Check Point Security reported that an exploit in Amazon’s Alexa voice platform can give attackers access to users’ personal information, speech histories, and Amazon accounts.
- C1 Security published new report on healthcare data breaches:
o The number of HHS breach reports from healthcare organizations is down 10.4% in the first half of 2020, compared to the second half of 2019
o number of reported breached records is down nearly 83%.
o total of 3.8 million individual records were breached through hacking and IT incidents
o Rite Aid, headquartered in Camp Hill, PA, notified 9,200 patients that their PHI was exposed when some of its locations were looted by rioters in several cities in the U.S. - BioTel Heart, headquartered in Malvern, PA, notified 61,000 patients that their PHI was exposed after it was inadvertently left exposed online.
- Northern Light Health of Brewer, Maine notified 657,000 people that their info was exposed after its Northern Light Health Foundation fundraising firm had its database exposed
Comments (0)