Chris Swagler | July 13th, 2022

A New Jersey-based Information Technology (IT) Managed Service Provider, SHI International, confirmed a cyberattack breached its network. SHI, one of North America’s largest IT solutions providers, brought in $12.3 billion in revenue in 2021 and has 5,000 employees globally in the United States, the United Kingdom, and the Netherlands. Additionally, it provides IT services to over 15,000 global corporate, enterprise, public sector, and academic customer organizations.

During the Fourth of July weekend, a coordinated and professional malware attack targeted SHI International, forcing numerous systems, including email, offline. The cyberattack shut down SHI’s website, which instead displayed a cyber incident notification providing few details about the attack; the company’s blog published the same announcement.

SHI’s security and IT teams reacted quickly, which allowed them to identify the incident and enact measures to minimize the impact on SHI’s systems and operations. As a preventative measure, the company took its public website and email offline while it investigated the attack and assessed the systems’ integrity. SHI restored employee access to email, allowing customers to contact their account teams and specialists through email and phone. The IT team continuously worked to restore systems to full availability in a secure and reliable manner.

SHI updated its website with a message informing customers and visitors that maintenance was being done on its information systems because of a “sustained outage.” While the incident is an ongoing investigation, SHI is collaborating with federal organizations, including the FBI and CISA. There’s no evidence to suggest that clients’ data was exfiltrated during the attack. Additionally, no third-party systems in the SHI supply chain were affected by the malware attack.

SpearTip’s intelligence indicated that threat actors were going to launch a targeted cyberattack during the long Independence Day weekend, similar to last year’s attack breaching Kaseya’s VSA Servers. Overnights, weekends, and holidays account for nearly 3/4 of all cyberattacks because IT and security teams are typically understaffed and overwhelmed by alerts. Major holidays over extended weekends are times of increased vulnerability for highly valued targets, like MSPs, for their vast access to many clients and their business-critical data.

With more cyberattacks targeting MSPs and IT services companies, it’s critical to remain alert to the current threat landscape and regularly update data network security infrastructure. At SpearTip, our pre-breach risk services, offered within an MSP’s current catalog, allow the MSP to upsell its security offerings. Our certified engineers respond to thousands of security incidents and improve their clients’ operational, procedural, and technical control gaps based on security standards. We offer an all-in-one cybersecurity solution that allows MSPs to focus on their clients’ core IT objectives while providing industry-leading protection against malicious threats. Partnering with SpearTip will enable MSPs to receive a turnkey SOC and a team of experts dedicated to their account 24/7/365, allowing their current team to focus on client interactions.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.