News, Trends, and Insights for IT & Managed Services Providers

The Bullseye on MSPs: How Ransomware Gangs are Targeting Small Businesses Through Their IT Providers

Written by

Dave Sobel

Published on

September 21, 2023

While the AI backlog is getting interesting, I’ll revisit that tomorrow. Today, I couldn’t help but start with this one.

The LockBit ransomware group is using remote monitoring and management (RMM) software to spread its ransomware and gain access to targeted networks. By taking advantage of exposed RMM instances or bringing their own RMM, the group establishes persistence and compromises downstream customers. The MSP in question had left its ConnectWise login panel exposed to the open Internet. The justification, the researchers speculated, was to make it easier for its customers’ IT administrators to access the service. But with brute force, or simply by purchasing them from the Dark Web, the attackers gained the necessary credentials to break through. Within five minutes of the intrusion, LockBit began dropping its ransomware binaries on multiple endpoints.

In fact, ransomware gangs in 2023 are increasingly targeting small and medium-sized enterprises (SMEs) with under 200 employees, according to data from Trend Micro. LockBit, ALPHV/BlackCat, and Clop are among the highest-profile operations, with LockBit preferring to target SMEs due to their perceived likelihood of paying without resistance. The number of ransomware victims surged by 47% in the first six months of the year, with the majority of victims based in the US. The banking, retail, and transportation sectors were the most targeted, and the number of active ransomware-as-a-service (RaaS) groups grew by 11.3%.

Why do we care?

There’s a steady, direct threat to MSPs and IT services organizations because they are the avenue to the valuable target: SMBs. We’ve seen this story before. SMBs are seen as easier targets who are more likely to pay ransoms without putting up much of a fight. Couple continued coverage of this story with the recent CISA focus on securing RMM, however, and the ability to brush this off diminishes. For MSPs, failure to secure their systems is not merely an internal risk but a potential catastrophe for their clients.

A listener recently mentioned that too many SMBs were telling them that, quote, they weren’t a target. Here’s your report that they are. SMBs need to shed the complacency that comes with thinking they’re ‘too small to notice’. The data speaks otherwise.
