Transcription

Speaker 1 (00:12):

Hello everybody. Thank you for joining us. And, um, today we are going to talk about the more recent item in the news. Uh, the Kaseya hack, um, this live stream that we do is, is made for business owners or, uh, managers. I'm just trying to help educate, you know, what to expect, um, or questions to ask of your internal or outsourced IT company. Um, it's just, non-tech non-technical information, um, kind of given as talking points that you can use. So with this Kaseya hack, we're going to go over, um, why multi-layered security is an absolute must, um, also kind of talk about what happened and you know, what you can do, how this could impact you in the future. Um, John I'll, uh, let you start and just do a little introduction if you don't mind. And then we'll just kinda go to Gary and Lance.

Speaker 2 (01:09):

Right? Thanks, Chris. Uh, yeah, John Gibson would just write and we're a managed IT department out of San Diego, California. And, um, did you want me to kind of give an overview of what happened or do you wanna hit that after each person introduces? Yeah, we'll do introduction first. Okay.

Speaker 1 (01:25):

I appreciate it. Go. Uh, Gary, you're up.

Speaker 3 (01:29):

All right. Gary [inaudible] Southeastern Wisconsin, a managed service provider, uh, and crane it Lance Keltner with you and I computers managed IT department, uh, out of Lawrence, Kansas serving the greater Kansas City area.

Speaker 1 (01:43):

Yeah. Great, appreciate it. Uh, so yeah, John, I'll circle back to you, uh, if you kind of want to just briefly talk about, you know, what, what happened, who was affected, uh, what could have happened?

Speaker 2 (01:54):

Sure. Yeah. What happened is on Friday, about 2:00 PM Eastern, 11:00 AM Pacific time. Kaseya, that's the company that, um, we use tools from Kaseya in our businesses, each of us here and, uh, anyway, one of their tools it's called, uh, VSA or, um, well, it's a system administration tool, virtual assistant system administration tool, but, but anyways, they were attacked. They noticed activity and very quickly and decisively decided to, uh, implement their incident response plan and shut down their servers. And that was really, um, a very key component of, um, of the outcome and that it limited the damage greatly, um, by this hacker group, uh, known as REvil. Um, some of you may have heard of them before, if you didn't. They were the same company that went after JBS food processing, which is the meat packer, uh, company. So they've been in the news recently, they're in it again because they are the ones behind this.

Speaker 2 (02:55):

And what they did basically is, uh, dropped a program that would launch ransomware on, uh, affected systems. And, um, some of that is still being investigated as far as how they got in. Um, it's looking right now that it was a very targeted type of attack, um, meaning that, um, perhaps not everybody was at risk, but, uh, right now there's, there's still some investigation happening. Federal authorities are involved, uh, Department of Homeland Security and FBI are both in on it. And, um, and Kaseya has been working very closely with these agencies to try to come to as quick a resolution as possible.

Speaker 3 (03:33):

You know, Hey John, one interesting point on that, I know they talk about the hack, you know, organization that did it, but they're not a hundred percent sure it was them. What they do know is the platform that they use, which is a platform as a service for that type of activity was actually used. So it could have been a subgroup, but use the platform, meaning that when someone gets ransomware paid, it kind of goes back into the kitty to support that platform as a service. So it's a whole different level of playing when it comes to these hackers, leveraging tools and evolving them.

Speaker 1 (04:08):

Yeah. Very interesting. I hadn't heard that part of it. Yeah. Thank you, Gary. Um, and, um, you know, on this tool, it's, it's used by a lot of IT companies, outsourced IT companies, internal IT companies, or IT departments, um, and it's used, you know, to kind of manage, uh, computers, uh, monitor their health, um, remotely access and that sort of thing. Um, Lance, I wanted to ask you, what, what is the, you know, for anyone listening, any business owner, w what's the likelihood that, you know, something like this could, could affect them or would it ever?

Speaker 3 (04:49):

Uh, unfortunately likelihood is pretty much a certainty, um, at this point. So, uh, us in the industry, we've known several other major tools that got hacked, just not with necessarily the same method, but the result was the same, uh, just like this. And so what, we're, what, we've what I've kind of wondered for a while on this, this kind of underscores the point is that it's really not if, you know, you get compromised, it's really just when, um, it doesn't matter who you are, whether it's tools, whether you're a government agency, whether you're a small business, whether you're a large business, whether you're a security tool, you're going to get compromised. And the list now is growing shorter for those that have not had something happen versus those that have. So, um, it's really about what layers do you have in place now, so that when the inevitable happens and you get a layer compromised, that doesn't take you down.

Speaker 3 (05:50):

Um, so that's something that the four of us here, we all have a similar set that we use, but we all have a very layered approach. And so there was no time where any of us actually got compromised. We weren't, we were okay, but that's because we had these set things in place. And we were able to know in this particular instance to turn things off now, now maybe in a different instance, it's caught and nothing needs to be turned off, but that was just how this one played out. Um, I kind of, I'm starting to liken it to, we are about the only industry I can think of other than the military that has our adversaries actively trying to destroy us 24/7. Um, if you think about what's happening to customers now, you know, the, the people that are perpetuating this, this ransom software and this extortion, you know, if you, if you don't pay up, you know, they're giving your stuff out, they're destroying your data.

Speaker 3 (06:48):

They're not giving it back. They're not nice people, right? So they want to take you down or have you pay them to maybe get it back. So they are only looking to destroy you, that's it. Um, and I think maybe with the news that this is starting to make that maybe it's going to wake a few more people up that it's not business as it was five, 10 years ago, this is, this is serious and you kind of have to take it seriously, or you're going to be in line to be next at some point. Yeah.

Speaker 2 (07:18):

I agree with that. Our vendor Kaseya was very, um, upfront about that. They were saying, you know, um, that this can happen to anyone. So I think that was one great aspect of the news of this. Any, anybody that got to see, uh, the CEO of Kaseya talk, uh, got, uh, a hint of that. And I think it was really important, you know? Yes, he was very decisive in his actions and that helped minimize the amount of damage. Um, and yes, I'd like to also piggyback a little bit on what Lance said is that we have multiple layers of security. Each one of our companies, uh, provide that to our clients. And that's the, that's the most important thing to take from this, is you must have multiple layers of security, if you rely on just one, one software, one tool to protect you, you're likely going to be, um, dissatisfied with the end result. So it's very, very important.

Speaker 1 (08:11):

Yeah, there's a lot of, I mean, constantly when we get a new, a new customer signs up with us for IT, you know, we go on, go in and do a discovery and onboarding and hardly find any layered security, you know, might be a firewall and antivirus. And that's it. And I mean, to me, that's, that's not even a, uh, you know, a minimum for a standard.

Speaker 4 (08:32):

Yeah.

Speaker 3 (08:34):

Right. And, and, and one additional point on that, and I think kind of touching on what John said, right. And then the media and the news we're hearing about this particular ransomware attack, that seems to be really big. But what people don't realize is that that was an attack that was that overshadowed, other things that were taking place at the same time, there was over 2000 targeted military organizations, organizations, schools, businesses, insurance companies, with brute force, trying to target and get an access to those systems. It also happened on July 2nd, right around the holiday. The JBS meat supplier actually got hacked on Memorial Day weekend. So we're starting to see a trend there too. They are trying to take advantage of lower staff, you know, when, uh, they could catch people off guard and try to make math. Yeah.

Speaker 2 (09:20):

Because of long weekends, like you're just mentioning. Yep.

Speaker 1 (09:23):

Yeah. And that's where it's real important to have a 24/7 NOC or a SOC, uh, in place type of detections and in quick action.

Speaker 3 (09:31):

Right. And I think, sorry, I think that's a key point too, when you're dealing with a managed service provider, if a managed service provider comes to you and says, oh yeah, we do all your security. We can handle it 24/7/365. I'll tell you right now run because all of us here have been experienced in this space. We know our managed service providers. We find the best of the best when it comes to a managed security provider. And we partner with that because you cannot be an expert in everything. And that's, that's a key distinction to, to, to Gary's point there. Um, uh, people may or may not have heard in the news that there was some serious, uh, vulnerabilities found in Windows printing. Uh, just a few days before all of this stuff with Kaseya went down. So we were all dealing with that. Uh, and then [inaudible] because Microsoft had, I think only pushed a patch for that today and that's caused its own set of problems.

Speaker 3 (10:30):

Um, and so we were dealing with that and we were on the tail end of, of putting in, uh, some temporary fixes just to protect people in the meantime, then this whole thing hits. Um, if you are, uh, working with a provider who is kind of like all on their own, you know, with th with the speed at which things hit today, um, you can get overwhelmed very easily, you know, and then you, as the customer could be accidentally left out in the cold on a major issue, because they're dealing with a couple of other fires and maybe they don't have to Gary's point, um, a managed securities team looking at things as well, because you're exactly right. You know, there's too much for one or two people to handle. You know, you need teams of people with different experience levels to handle this because there's so many things happening. This is not 20 years ago, you know, this is a different world.

Speaker 2 (11:22):

Yeah. And this is, this is a good place to mention, you know, uh, what is security because, um, a lot of people can understand how security works for their home or even their office. They get it that, you know, you have doors with locks, windows with locks, you might even have a gate or a fence or a wall to protect, um, the outside, you know, to an inner area. Um, you might also have a dog at home. You might have an alarm system with sensors that detect if a window has been opened or broken or a door has been opened. Um, if somebody does come in, the alarm goes off or the dog barks, um, or, you know, the, uh, the police get called, uh, maybe somebody in your neighborhood picks it up also and the neighborhood watch calls the police for you. Um, or if they do get in the dog eats the bad guy coming in, or the police do come in and arrest the bad guys, or, um, if all else fails, you have cyber insurance that can, are, you'd have insurance in the case of what we're going to get.

Speaker 2 (12:20):

Um, we're talking about here would be cyber, but you have insurance to resolve anything that can't be handled by any of the other, um, issues there. And what I really just described was three separate components of security: protection, detection, and response. And what Chris was saying about the antivirus and firewall. Those are great examples of protection, and they're not doing a good job for security right now because they don't take into consideration the most important part. And I identified that when I was first talking about Kaseya and how they handled things, detection and response are absolutely vital. You have to quickly detect and quickly respond to any kind of cyber attack on a business. Um, otherwise, uh, there can be a lot more damage, a lot more ransom to pay, you know, it's just going to be a lot worse. So that's where the focus needs to be. So if you don't have an MSP or managed IT department that's doing that for you. Um, you know, this is what we're telling you, that you need to have. You need to have teams of people like Lance was saying that are monitoring 24/7, truly not the guy, the one man shop that's, um, you know, he's telling you, oh, I'm doing it. I'm, I'm monitoring your stuff 24/7. Okay. Yeah. So you never sleep, you, you have your eyes on that computer all the time, you know? Yeah, of course not. So it's really, really I'm trying

Speaker 4 (13:39):

To work exactly. Right.

Speaker 3 (13:42):

And I think John, to your point, when he gave the analogy of like, you know, house and security, what you have to look at from a business standpoint or organization, if you are willing to protect things and your valuables in your home, such as maybe your children, your significant other and stuff, by putting these things in place, the business impact you have, if one of these things were to occur in your business, it could shut your business down. What's the value of your organization when it comes to revenue. And I think a lot of us actually look over that, right? We even see MSPs in our space who promote security, but when he asks you to get a chance to look under the hood, you find out they're not necessarily doing what they preach, but I think there's a lot to handle there, which is why you need that good expertise. Right. Who, who is blocked works for a reason, they're the best of the best from our standpoint?

Speaker 1 (14:33):

Yeah. Um, also, uh, I was thinking about this, you know, Kaseya, uh, RMM is offline right now for a very good reason, but, um, you know, if you, well, very early on in our company, we used an RMM that also housed a cloud antivirus and different things built into that RMM. And right now, if we were doing that, then the RMM is offline, so is all of your security. Um, right now we, uh, you know, deploy the security through, through RMM or can, but with that platform offline, we still have all of our other security layers, uh, still active and getting updates. Yup.

Speaker 4 (15:18):

Good point. Yeah.

Speaker 3 (15:21):

It's another, it's another good reason why to not necessarily, um, as a, as a provider, and this is not necessarily something, uh, a customer is able to, to know, uh, easily, but, uh, it is important to not have all everything under one roof, because if that roof gets popped, well, there, I mean, there goes your whole thing. Right. You know, there has to be some separation, um, so that the layers can cover each other if they need to, because that's, that's kinda the reason we have it there, uh, is because sometimes you got to do that. Um, and this, uh, this past weekend, I think showed that plain as day, um, those that had certain things in place were unaffected and others. I was reading in, in various chat channels. I was reading it live as they were discovering how they were compromised and how they're having to destroy their weekends just to hope to get their clients online by Monday morning.

Speaker 3 (16:19):

And it was a distant hope and it was very sad to read that happen in real time. I'm very thankful that, you know, none of us here had that problem. Um, but with, without the, the layers in place, it it's just going to happen here at some point. Well, Liz, sorry, sorry, Chris. I mean, think about the difference on how we are when we heard the Kaseya attack, right. And it was shut down. Most of us immediately went to plan B, which is actually confirming resources immediately. Now we knew certain things. We managed backup all the time. We communicate that with our customers, we're checking those things, but we validate at another point that detection, did we have any abnormal increases in file changes all of a sudden, right? One, check. We had another compromise detection tool. We're the canaries that are called, were they going off? Check.

Speaker 3 (17:11):

We have three additional layers besides that, that gave us peace of mind to our customers that, you know what, right now, things are looking good that if we did have that very dynamic approach, we'd be responding, reacting as the story was unfolding. It may not be in a good position. So having a proactive provider, uh, having a dialogue with you about that's important, and it's not always up to the MSP to ask the questions as the end user, especially if you're a leadership of your organization, you need to ask questions regarding your security posture, ask the what-if scenarios, what would happen if we would ransomware today? How can we prevent that from happening? What do I need to invest in, in order to stop that? Right? Don't just assume that your MSP is constantly thinking about these things. Not everybody does, you'd like to believe they do, but like Lance said before, PrintNightmare comes out and we're all scrambling to lock down that vulnerability, you know, maybe something else was missed. But again, if you got the right tools and you're asking the right questions, you definitely get a much better feeling and peace of mind that, yep. This is covered. I know they got a good partner here and you know, where you stand at any given time in relationship to threats that are out there. Yeah.

Speaker 1 (18:28):

And you don't have to be a technical person, you know, you can just be a business owner that, and just have that conversation with your, with your IT, just say, yeah, what if backups fail? What if virus got through? What if ransomware happened? Or, you know, just, just bring up these, these talking points with them. Um, you know, it might reveal, um, something that you're just not expecting.

Speaker 2 (18:51):

You're, you're identifying the critical reason to have business reviews with, um, with our, our clients. Right. So, yeah, it's so important that we, uh, our clients get to ask us, um, how are things, what's going on, um, in the IT world? And we can do the same. We can, we can, uh, ask them how things and, you know, and identify things like what just happened, um, and how it, how it was that we were able to, uh, prevent any real damage. So, so those business reviews are really, really important.

Speaker 1 (19:21):

Yeah. The relationship should be considered, you know, a business critical relationship or, you know, critical piece because if things aren't being done the way that you thought they might be, or there could be different impacts, um, ransomware can shut down your, your business altogether. Very good. Um, anyone else have any comments or other items they'd like to bring up is kinda just so less peace.

Speaker 3 (19:53):

Okay. I think another thing is, uh, from a customer point of view is you should expect if you're, if you're using, uh, an outsourced provider, you should expect them to be bringing to your attention, um, changes to be made, upgrades to be made in security, um, in productivity and things like that. If you don't hear from them, uh, until like you need to buy a new computer or something like that, then very quickly, your provider is probably getting behind the eight ball for what's happening because the landscape is evolving, not as fast as your cell phone does anymore. You know, this stuff changes all the time. Um, I know for us, uh, we had, uh, email security layer that we had in place for quite a long time. And it did the job very, very well. But then we came up with another one, uh, that we found, we put, you know, several months of testing into it and found out, man, this thing is just better.

Speaker 3 (20:49):

It does cost a little more, but it just it's ticking the boxes better than this one did. And it's finding stuff this one missed. And that's, that's what my clients pay me for is to be at the very head of that, looking at that stuff, to make sure that they're getting what they need to stay in business. Right. And yeah, I had to go to them and say, you know, this it's, the price is going to go up like this, but this is what we're doing. And this is why, and this is why we think it's important. Um, and we've started to move our clients over to this, over to this new platform. Um, and that's, you know, that's part of our job. Uh, all of us here, we all kind of do that, um, to be bringing that stuff. And it's not always like buy something new, sometimes it's just, we can do this like this and your business can now be better or protected, more pro, more productive, whatever it happens to be.

Speaker 3 (21:41):

Um, that's something that you, as a customer should expect from your provider. And if you're not getting it, you need to ask why not answer that? Yep. To that point, Lance. So you got to think about it from a standpoint of, we are so informational computing dependent right now that if you're not asking yourself when it comes to the what ifs and that, what if actually has a plan in place now? All of us, I'm sure we'll be discussing incident response plans regarding this with our customers. Right. But you go to detection, prevention and response, right. We're all over it. Right. Um, but if you look at that as an end-user and your organization, what happens if your internet provider is down for a longer period of time, how do you function? I still hear stories when I'm out in the public and talking in that, you know, four hours of internet and nobody knew what to do because they were so used to computers.

Speaker 3 (22:33):

They just dawdled around, well, you can have a plan. You can go back to paper if you have to, it's not ideal, but you know, if you fail to plan, you plan to fail and you have to look at all these different events, we're still dependent on electricity. We're still dependent on internet. We're definitely dependent on our computers. We're dependent on our printers. We're dependent on our servers, even if it's moved to the cloud, we have this dependency. So you have to still rely on what happens if, and then break your scenarios out as part of your planning. And you may say, you know what, no big deal. If I can't do anything, I can't do anything. That's the plan I've made the decision that we will, we'll send people home in that event, but that's the decision.

Speaker 2 (23:15):

Yeah. I agree with, uh, Gary and Lance on, uh, the points they brought up, I would add, um, along the lines of what Lance was saying about making a change, I've had the same email defense is what I call it. Um, that, that looks at spam and malware and viruses that might be on it, but it didn't really do very well at phishing. So I looked for something that can do a better job at catching phishing emails, because that's still the number one attack vector for these cyber criminals use, greater than 90% of the, um, of the attacks are happening through phishing emails. So, so that was a really crucial point to attack. So we've implemented, you know, probably the same thing that Lance has and, um, as far as, uh, that anti-phishing capability, but it also takes care of the viruses and malware that might be on there as well as cover cloud-based resources, such as, you know, the Dropboxes or OneDrive or SharePoint, or, um, if you have G Suite so we can cover all of that now more effectively.

Speaker 2 (24:18):

So, um, the other things that I think are really critically important right now is I think it's absolutely important because the environment is so bad out there. It's so bad. As far as the attacks go, you need to lock down your, your business environments. And what I mean by that is, is only allow approved applications to run. So you need to have an application that, uh, or you need to have a system in place, that'll allow you to do that. Um, so anti-phishing, uh, having a complete lockdown of your environments that only approved applications can run. You know, then you're going to look at as having, um, more secure connections from the computers themselves out to the internet. So, uh, some of these things I'm talking about are zero trust framework. That's another buzzword. You'll probably start hearing about a whole lot here in the next year or so.

Speaker 2 (25:10):

And that's some of the things that we've been talking about here, we're talking about, and it, it, it is exactly what it sounds like, zero trust, meaning we don't trust anything because it's so dangerous out there. We want to just lock down our environment so that, um, only the things we know and want to run, run, and anything that's suspicious is going to be stopped and looked at by our security team. So, um, I think that's another really critical aspect to look at here. And, uh, that's something that if your managed service provider's not doing that for you, then I think it's time to look elsewhere because you need these things in place to, to have the proper security because security, I love what, um, uh, one of our partners say is that 99% secure is 100% unsecure. And that's true. If you're weak in any one area, that's where they're going to hit you. And they, you know, they're constantly probing the, the, they being the cyber criminals out there. They're constantly looking for ways to get you. So if you don't have these multiple layers of, uh, of security, you need it. Um, companies like ours will help provide that to you. So, uh, reach out and let us help you.

Speaker 3 (26:19):

Well, and John, especially with password reuse out there, but we still know that a problem that's going on with end users, right? MSPs haven't quite shifted to educating the end users on newer paradigms as far as password. So they're still under the same 90 day change. And all users do is increment by one and go through. And then with the dark web, those things are being published. It's another attack factor. If I know your email and I know a password iteration that you did, I just try to increment it and see if I can get in. And I'm in your system. And that ties back into what multi-factor authentication. Some of these things are very basic fundamental that you, as an organization and end user, if you're willing to just do some of those basic things, you actually take away a lot of the immediate, very quick threats. And you, you make, at least you make the threat actors work a little harder.

Speaker 2 (27:09):

Right? Absolutely. That, that, um, database of 8.4 billion credentials on that well-known, um, uh, dark website, favorite of cyber criminals, you know, they published credentials and that's exactly what they're doing. They, they even de-duped that, I mean, they went through and made sure there were no duplications and all that. So that's, that's 8.4, supposedly 8.4 billion with a B uh, unique credentials. Um, I think that's more than we have people in the world, but people have multiple sets of credentials. So that's what the brute force attempts are doing. They're taking those credentials and run them against every single website they can think of. And sometimes they hit gold. So, um, yeah, like what Gary was saying, multi-factor authentication or two factor and you probably think, well, that's a big word. What does that mean? Well, that's like when you have your cell phone and you get a text message, like when you try to use your bank, they send you a text message. That's one form of two factor authentication. It could be your eyes that it's looking at your eyes, or it's looking at your face, like the way an iPhone will do, or your fingerprint scan, or any of another, a number of other, uh, biometrics or applications you, you have that allow you to authenticate. So that's, that's that that would kill like over 99% of those breach type related hacks just by simply using two factors. So great point, Gary.

Speaker 1 (28:31):

Yeah. Very good. Um, yeah, I think that's kind of all the, the main, uh, items that, that we had on the list. Um, the last thing though, I just want to offer up, uh, for anyone watching is an e-book that we created, 11 Security Steps Your IT Is Not Doing and Why It's Critical to Start Now. These are very common, uh, points that when we have taken over IT for new companies, um, just lack of different security that should always be in place. And so this isn't something to look at and necessarily harp on your IT for, but it to bring up, make it, you know, a talking point, uh, that are there items that you can go to your existing IT and say, Hey, you know, or what are we doing about this? Or is this on, or a very non-technical, uh, discussion, but it can make a, a big difference in your overall security. Yeah. Well, thank you everybody for, uh, joining and, uh, hopefully it, uh, brought a lot of good, helpful information to, uh, to more people, business owners, community. Thank you. Great to see you guys.