thinkCSC Security Alert

ransomware attack on Kaseya VSA

Don’t Panic Over Reports of Another Serious Ransomware Attack – ACT

By | business continuity, Ransomware, thinkCSC Security Alert | No Comments

Just as everyone was getting ready to celebrate Independence Day, a major cyberattack occurred. What made this ransomware attack different from others was that the cybercriminals went after MSPs, via Kaseya VSA – Kaseya’s RMM (remote monitoring and management) tool.  By doing so, the perpetrators gained access to many of Kaseya’s MSP clients as well. More than 17 countries have now been impacted.

thinkCSC does not use Kaseya VSA.  However, this should serve as yet another wake-up call to every business of every size that the risk is real: No one is immune to cybercrime. Another business is compromised every 11 minutes. And most of the time, the attacks are preventable. So instead of panicking, it’s time to take action.

Risk Assessment

If you don’t know where you’re vulnerable, you need to assess your risk. Our team can evaluate your existing security protocols and make suggestions for what needs to change to keep you safe. This is the place to begin, even if you already have an MSP partner, to make sure your data and your customers are protected.

Comprehensive Security

Experts have been predicting for years that cyber warfare is going to be the next global pandemic. We’re already seeing signs of large-scale threats disrupting everything from energy and food to medical care. There is no time to waste, no excuses not to act. If you don’t have comprehensive security in place, you are at risk.

What if…?

Consider what would happen if a data breach occurred at a local bank, an online shopping site, or a social media company. What if the cybercriminals were able to access thousands of usernames and passwords? What if one of these compromised passwords belonged to an employee in your organization? How would that impact your company?

You’re Only as Safe as Your Employees

Can you be sure that an employee has not reused a compromised password somewhere within your network? Do you have a password manager and multi-factor authentication in place? Do your employees know the risks and how to minimize them? If a threat becomes evident, do they act swiftly to minimize that threat by changing passwords and enabling 2FA on all of their accounts?

Employee Awareness Training Turns Your Team into a Strong Layer of Security

How capable are your employees of recognizing phishing emails? Do they know the steps to take if their data has been involved in a breach? Are they reusing the same passwords from their personal accounts on your business network?

In almost all of the major ransomware attacks that occur, there is a missing security element: a piece of software has gone unpatched; a former employee’s access to the network has not been rescinded; an employee is tricked into wiring money to a hacker because of a convincing email. Employee awareness training can help eliminate that risk.

In the time it took you to read this article, another business will experience a ransomware attack. Will yours be next?

We all have an opportunity to use these latest threats as a reminder to shore up our security, both personally and within our organizations. There is no more time to lose. The next ransomware attack is already underway. If you’re not sure where to begin, get in touch with our team to talk about risk assessments, employee awareness training, and comprehensive cybersecurity solutions.

Windows DNS Server Vulnerability

Vulnerability in Windows DNS Server

By | thinkCSC Security Alert | No Comments

July 2020 Security Update

Earlier this week, a “critical ‘wormable’ vulnerability” was reported by Microsoft within Windows DNS Server. This vulnerability only impacts Microsoft DNS servers. thinkCSC customers who receive automatic updates do not need to be concerned; patches will be deployed as part of their regular maintenance.

What Is a “Wormable” Vulnerability?

A “wormable” vulnerability is a threat that can spread malware from one vulnerable machine to another without any human action. Current thinkCSC managed IT clients have already had this threat resolved; however, if you have an internal IT department for your organization, we urge you to apply the update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server, as quickly as possible. The vulnerability has a CVSS base score of 10.0 – the highest possible threat rating.

Registry Mitigation

If you are unable to immediately apply the patch to your environment, a registry-based mitigation can be applied. This mitigation does not require you to restart your server, so it can be applied without delay. You can find details of both the vulnerability and the registry mitigation in Microsoft’s CVE-2020-1350 update.

Threat Evaluation

The threat is caused by a misconfiguration is Microsoft’s DNS server role and impacts all versions of Windows Server, allowing unauthenticated hackers to gain Domain Admin privileges on servers. While the threat is critical, it can only be exploited when the system is operating in DNS server mode. This means that the number of vulnerable computers is likely low.

If you have any questions or concerns, please contact your vCIO. If you have not partnered with thinkCSC for your Managed IT needs, please get in touch.

Subscribe to thinkCSC’s monthly tech update here.

password spraying

Citrix Data Breach – What You Need to Know

By | Data Security, thinkCSC Security Alert | No Comments

Recently, Citrix, a U.S.-based software firm, confirmed that the “international cyber criminals gained access to the internal Citrix network” and downloaded business documents and other files. The hackers gained access using a method called “password spraying.”

What Is Password Spraying?

Password spraying occurs when hackers use a list of common passwords to try to breach the system. They sometimes use passwords leaked from other breaches, according to Dark Reading, hoping that employee reuse their passwords at work.

How Do You Protect Your Organization from Password Spraying?

Nothing makes a stronger argument for more stringent password requirements for your employees than the results of this study conducted by the National Cyber Security Centre, UK’s independent authority on cybersecurity:

  • 75% of the participants’ organizations had accounts with passwords that featured in the top 1,000 passwords
  • 87% had accounts with passwords that featured in the top 10,000

Allowing your employees to set their own passwords puts your organization at risk.

Most people don’t want to remember numerous usernames and passwords for multiple accounts and programs, and many don’t feel confident in their ability to accurately recall that information. More so, they dislike having to regularly change passwords on individual accounts and being forced to forget previous passwords in exchange for new ones. To deal with this frustration, they tend to do one of two things (or both):

  • Re-use the same usernames and passwords across multiple accounts
  • Write down their usernames and passwords, and store them in their workspace (usually in a place that is easy to find, often on their desk or in a top drawer)

Learn a Lesson from Citrix

If you do not have strong password security and password policies, today is the day to change that practice. Passwords should be long, randomly generated, changed often, and only one layer in many of your overall security effort. You should also be monitoring the Dark Web. thinkCSC is here to help ensure your cybersecurity systems are strong and vibrant, to assist you in your preparation for and response to cyberattacks. Together, we can avoid the mistakes that are common among so many businesses and organizations, in the end becoming as secure as possible in today’s technological world.

thinkCSC provides Dark Web monitoring services provided through a strategic partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, thinkCSC can now offer 24/7 monitoring of millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards, and illegal black-market sites, to alert you of stolen or compromised data and passwords.

While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all –organizations – businesses of all sizes, government entities, schools, hospitals, and –others – to invest in stronger IT security that includes offsite backup and recovery and managed security. These protections, combined with ongoing staff training, strict policies, and constant vigilance, are an absolute necessity in today’s cyber environment.

For new customers interested in information on obtaining our services, please contact us at