Criminals are buying access to your business.....
These stories are a bit nuanced. I hesitate at times to post overtly technical headlines with the bulk of the subtext doing little to lift the veil, but....
The below story/post is detailing a criminal offering access to a software platform that gives the buyer complete control over any computers within the system. Thinking comparatively, try to imagine the EMR, CRM, client database or POS that you use to conduct business regularly. Most businesses function this way and IT companies are no different. Most modern tech companies are using some type of management software to organize clients and perform support and maintenance. What this story specifically points out is that these criminals have gained access to tech/IT company management software and are selling access to the highest bidder.
What is the potential fallout....just imagine for a moment if you will that someone gains access to your computers while you are not in the office. They are all unlocked, and someone is just walking around the office with no limits on how nefarious they may be. Would that be comfortable? I doubt it. A criminal could delete files, crash programs, install malware or ransomware, read emails, attempt to access banking information through saved passwords on browsers....the list goes on. The situation would be BAD, and this is exactly what selling access to an RMM (as referenced) in the story would allow someone to do.
Why did I choose to post if I thought it was a bit nuanced and overtly technical? For one simple reason, REMEMBER just because you have used a company for a long time, or it is someone you know from church, or the business across the street uses them (your tech company) doesn't mean they are adhering to modern standards, regularly being audited or are maintaining compliance as you may expect or assume.
Security and Compliance in 2024 is complex and expensive. DO NOT assume that the companies you are doing business with are doing their part. VERIFY that they are before it turns into a problem for YOUR business.
How? Ask for compliance standards that they adhere to, request an independent audit, hire another company to perform a one time evaluation. Any company worth doing business with is going to be open to inspection and scrutiny. If they aren't, maybe take that into consideration.
Harden the Target, Stay Vigilant!
Reflections on article tagged below: