Proactive Security Measures

Nick Isaacs | July 15th, 2022


When it comes to cybersecurity, it’s important to have proactive security measures in place before a cyberattack happens, not after. For tens of millions of Americans, the recent 4th of July holiday was an opportunity to relax, gather with friends and family, and celebrate the joys of Independence. In the cybersecurity world, the holiday is unfortunately marked by an industry-changing cyberattack that occurred just over one year ago.

While most people were preparing for a long weekend—including numerous security and IT teams—our team of engineers was hard at work in our 24/7 Security Operations Center (SOC) monitoring our clients’ networks and gathering the latest threat intelligence. Doing so allows us to implement proactive security measures and remediate any malicious activity before threats actualize in an environment.

Our intelligence indicates threat actors prefer nights, weekends, and holidays to launch nearly 75% of their attacks, precisely because defenses are down and security teams are short-staffed, if not entirely off. Small and midsized businesses (SMBs) and contracted MSPs are especially vulnerable due to their size, financial limitations, the abundance of tools they have to manage, and the lack of both 24/7 cybersecurity coverage and proactive security measures.

Importance of Reactive and Proactive Security Measures Working Together

What Happened Last Year

One of the most popular remote monitoring and management tools used by over 40,000 MSPs is Kaseya’s virtual system administrator (VSA), which allows users to maintain focused insight into client environments. Multiply this by the 122 clients an MSP supports on average and it’s clear that this one tool has tremendous access into thousands of SMB environments. As such, threat actors spend a lot of time performing reconnaissance and customizing an attack plan to locate and exploit a software or security flaw to access business-critical data from thousands of organizations.

The Russian-based REvil ransomware group (aka Sodinokibi)—now defunct following international pressure, intelligence, and investigations—exploited the lapse in focused security operations during last year’s Independence Day weekend and infiltrated Kaseya’s VSA software. Most companies, unfortunately, were unable to respond effectively. As a result, around 1,500 SMBs and more than 50 MSPs were victimized by ransomware and experienced extraordinary downtime.

This most recent Independence Day, again landing over a long weekend, we saw a similar attempt by threat actors to target a global MSP leader, SHI International. Given the proactive work of cybersecurity teams safeguarding the channel and enhanced threat intelligence, a large-scale incident was prevented. These two events serve to remind us just how necessary it is to stay aware of the current threat landscape.

How We Responded

SpearTip was at the forefront, defending businesses from the ransomware attack. As the attack was unfolding, our team actively prevented our partner environments from being affected. Because our engineers operate from our US-based, 24x7x365 SOC, we were immediately alerted to suspicious activity, which was just as quickly isolated before it was able to gain a foothold within our partners’ networks.

Our response, however, was not improvised in the moment; a lot of front-end work went into it. Before any active incidents reached us, our team was pulling threat intelligence and data surrounding known intrusions. We collected payloads, analyzed the actions threat actors were taking across many environments at once, and discovered the same indicators of compromise in each environment. From this, we built a response playbook that allowed our incident response team to support our clients as we reviewed and protected their machines prior to any potential impact.

Once cases of active breaches began coming in, the SpearTip team was able to quickly assess environments, collect forensic images, and provide responses to critical questions, such as “Was any data stolen?” Based on the proactive measures taken by our tremendous team of security analysts, cases were quickly resolved and businesses received assurance their environments, including business-critical data, were protected.

Our Continued Response

Reflecting on the aforementioned events, the SpearTip team has reaffirmed our belief in and commitment to providing 24/7 proactive security measures, intelligence gathering, active network monitoring, and real-time threat remediation to our partners. Furthermore, we’ve realized the need for enhanced cybersecurity for MSPs and built a platform to serve the channel. Attack surfaces are too great, particularly as threat actors are increasingly targeting the channel to potentially gain access to the data of hundreds, if not thousands, of businesses.

SpearTip’s IR department assists MSP clients continuously by responding to cyber events for their customers, providing pre-breach advisory services, and actively defending their networks. We have proven to our partners that we will go to work for them immediately so they can avoid an attack like last year’s from happening again.
