Forthright’s Response To Kaseya & Solarwinds Security Breaches
The following was sent to all Forthright managed services clients from Forthright CEO Andrew Medina on July 8, 2021
On July 2, 2021, Kaseya VSA and earlier this year, Solarwinds were hacked and their services were used to deploy ransomware to potentially thousands of companies worldwide. This hack was novel in that it used a tool that companies such as Forthright (the industry term is Managed Service Provider or MSP) use to remotely manage and monitor their client’s infrastructure. By using the trusted connection that MSPs have into their client’s networks, the threat actors were able to bypass all security systems and infect the target networks.
- You are NOT at risk from this hack
- You should be taking this hack VERY seriously
Forthright does NOT use Kaseya VSA or Solarwinds. You are NOT at risk from this exploit. Forthright uses Datto RMM as its remote management and monitoring tool. Datto RMM is not connected in any way to Kaseya or Solarwids and Datto has stated that their security centers have not detected this exploit in their software. Enclosed below is Datto’s communication on the matter. However, you should take this event VERY seriously. What this event shows us is the lengths that these threat actors are taking to penetrate, encrypt, and hold data for ransom. Although this particular infection vector will be addressed and patched, there is no solution that can be installed or precautions that can be taken to absolutely guarantee that your systems will not be compromised at some point in the future. As such, the best course of action that can be taken is:
- Ensure that you are being protected from the known threats
- Ensure that your systems are backed up in such a manner that complete and timely restore from these backups will minimally impact business continuity
Forthright takes the health and availability of your systems very seriously. Over the next couple of months, we will be providing all our customers a complimentary Business Continuity Assessment detailing the level of protection from known threats and the current backup policy’s ability to restore the systems to full operational status. If the assessment uncovers deficiencies, our customers will also be provided with options to resolve these deficiencies. We need to be prepared for all eventualities. You can count on Forthright to assist you as we get through these concerning times together. Additional Reading:
Forthright Technology Partners
Forthright Technology Partners is a leading provider of solutions and services leveraging Citrix, VMware and Microsoft technologies where high availability and exceptional end-user experience are required.