Hackers are leveraging a a two-year-old flaw in a third-party plug-in to infect scores of companies with GandCrab ransomware through their managed service provider (MSP) according to Chris Bisnett at Huntress Labs.
Gandcrab #Ransomware Slingers Target MSPs https://t.co/PFRAbxJCDC pic.twitter.com/RIe6ADxJRc
— SecPro (@SecProInt) February 17, 2019
Justin Jett, Director of Audit and Compliance at Plixer:
“One of the most dangerous risks to businesses are the technologies controlled or owned by third parties. Organizations must be vigilant by monitoring network traffic to and from businesses devices and assets. Malicious actors can only gain value from compromised devices if they have communication with that device. This means they have some external device used to communicate like a command-and-control setup. This allows them to leak data, but it also means they expose themselves to businesses that deploy network traffic analytics. While it is impossible to completely control supply chain vulnerabilities, by monitoring network traffic to devices vendors are granted access, businesses can identify anomalous behavior, report the problem to the vendors, and close security loopholes more quickly than if they wait to be informed by the vendor that there was a breach.”