Government Technology Service Provider (TSP) data for sale on the dark web by Netwalker.

This morning our colleagues over at IT Simplified and I were having a conversation about a Technology Service Provider (TSP) whose data will be available for sale on the dark web in about 12 days.

This company, per their website, provides services to the government from across its multiple locations in VA, an area with many companies that deal with government agencies.

With the spate of government-related breaches in the last month or so, we imagine this is merely the beginning of many data sales related to breached Technology Service Providers (TSPs). The typical Technology Service Provider (TSP) has unfettered access to client systems and data. Due to this, it’s imperative the Technology Service Provider (TSP) take security seriously and deploy the appropriate protections. When a Technology Service Provider (TSP) is breached, there is a higher than average likelihood the attacker now has access to the Technology Service Provider’s (TSP’s) clients and their data.

It’s not just the Technology Service Provider (TSP) data that is available; it’ll likely be client data, which could include government data.

Based on readily available information, it would seem this Technology Service Provider (TSP) was a soft target for the Netwalker Ransomware group:

  1. The ConnectWise Business Management system used is self-hosted with RDP (port 3389) open (post-breach awareness), a big no-no in our world.
  2. The Remote Monitoring & Management System SolarWinds N-Able is also self-hosted with many unnecessary ports open to the world.
  3. The Technology Service Provider (TSP) in question outsources its helpdesk to Collaborance (outsourcer that outsources?).
  4. There is no SIEM for a post-event autopsy.
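
For items 1 and 2, one way to check your own perimeter is to audit an external scan of your public addresses against a per-host allowlist. This is an added example, not part of the original post or any vendor's tooling; the hosts, their roles, the allowlist and the ports listed beside RDP are assumptions, and the scan lines are constructed nmap grepable output.

```python
# Constructed sample: nmap grepable (-oG) output from an external scan of
# your own perimeter. Addresses are from the 203.0.113.0/24 documentation range.
SAMPLE_SCAN = """\
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (998)
Host: 203.0.113.20 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 5985/open/tcp//wsman///, 8080/closed/tcp//http-proxy///
Host: 203.0.113.30 ()\tPorts: 443/open/tcp//https///
"""

# Assumed policy: ports each host is approved to expose to the internet.
ALLOWED = {
    "203.0.113.10": {443},  # hypothetical self-hosted business management server
    "203.0.113.20": {443},  # hypothetical self-hosted RMM server
    "203.0.113.30": {443},
}
# Remote administration ports treated as never acceptable on the internet.
# RDP/3389 is the one named in the post; WinRM and VNC are added by assumption.
NEVER_EXPOSE = {3389: "RDP", 5985: "WinRM", 5986: "WinRM over TLS", 5900: "VNC"}


def audit(scan_text, allowed=ALLOWED):
    """Return (host, port, severity, reason) for every open port that breaks policy."""
    findings = []
    for line in scan_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and status-only lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(fields) < 3 or fields[1] != "open":
                continue  # closed and filtered ports are not exposure
            port = int(fields[0])
            if port in NEVER_EXPOSE:
                reason = NEVER_EXPOSE[port] + " reachable from the internet"
                findings.append((host, port, "critical", reason))
            elif port not in allowed.get(host, set()):
                findings.append((host, port, "review", "open port not on the allowlist"))
    return findings


if __name__ == "__main__":
    for host, port, severity, reason in audit(SAMPLE_SCAN):
        print(f"{severity.upper():8} {host}:{port}  {reason}")
```

A host that is missing from the allowlist has every open port flagged for review, so newly exposed servers surface instead of passing silently.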

Now is always the time to review what your Technology Service Provider (TSP) has access to and ensure the appropriate steps are being taken to protect themselves, you and your data.

If you and your company are not Expertly Managed, perhaps you’re due for some peace of mind with Kontinuum.

Operators are standing by…
