
A single ransomware attack against a New Zealand managed service provider (MSP) disrupted several business operations for its clients overnight. Most of them belonged to the healthcare sector. A “cybersecurity incident involving a ransomware attack” in late November left New Zealand Ministry of Health staff unable to access thousands of medical records, disrupting daily operations, according to the country’s Privacy Commissioner. Six health regulators, health insurers, and a handful of other businesses were also indirectly affected by the attack.
According to its LinkedIn page, the MSP targeted in this incident is Mercury IT, which has 33 employees based in Australia. New Zealand’s Ministry of Health, Te Whatu Ora, was unable to access at least 14,000 medical records due to the Mercury IT outage. This includes 8,500 bereavement care service records dating back to 2015 and 5,500 genetic heart disease registry records from 2011. Posture can inadvertently harm medical patients.
In the private sector, health insurance company Accuro reported illegal downloading and dissemination of corporate data following the Mercury IT attack. According to Accuro’s statement, most of the stolen data pertained to the company’s finances and was subsequently leaked to the dark web. Some of the stolen data includes members’ contact information and policy numbers, Accuro added, but it said it has not observed any misuse of the stolen personal data.
MSP Attack: Kill several birds with one stone
This incident shows that MSPs are attractive targets for attackers due to the sheer amount of client data stored on a single company’s systems. A cybercriminal can steal sensitive data from dozens of companies at once by exploiting just one security vulnerability in an MSP. It is too early in the investigation to determine the attacker’s goals and motives, but the story holds a clear lesson for IT administrators: audit an MSP’s security practices before paying.
Password: weakest link
The 2021 MSP Threat Report by ConnectWise reveals that 60% of MSP client incidents are related to ransomware. All ransomware groups need is the simplest method for a successful attack: weak passwords. Despite new forms of authentication being developed to make passwords obsolete, passwords remain the most common and weakest way to protect data.
Therefore, one of the most popular methods of distributing ransomware is the RDP brute force attack. An attacker initiates a brute force attack by using an automated program to try a long list of password combinations for an account until it guesses the correct password through trial and error. Once inside, attackers are free to steal data from targeted organizations and paralyze systems with ransomware. Common defenses against brute force attacks include limiting the number of login attempts before the account is temporarily locked.
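An added example, not part of the original article: the failed-attempt counting behind a lockout threshold, applied as detection over Windows logon events. The record layout, the threshold of 5 and the 10-minute window are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, account, source IP.
# Event 4625 = failed logon, 4624 = successful logon. Logon type 10 = RemoteInteractive
# (RDP); type 3 = Network, which is how RDP failures are logged when NLA is enabled.
SAMPLE_EVENTS = """\
2024-01-15T01:00:00,4625,3,admin,203.0.113.7
2024-01-15T01:00:04,4625,3,admin,203.0.113.7
2024-01-15T01:00:09,4625,3,admin,203.0.113.7
2024-01-15T01:00:13,4625,3,admin,203.0.113.7
2024-01-15T01:00:18,4625,3,admin,203.0.113.7
2024-01-15T01:00:22,4625,3,admin,203.0.113.7
2024-01-15T01:00:27,4624,10,admin,203.0.113.7
2024-01-15T08:15:00,4625,3,jsmith,198.51.100.20
2024-01-15T08:15:30,4625,3,jsmith,198.51.100.20
2024-01-15T08:16:10,4624,10,jsmith,198.51.100.20
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, ip = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user, ip

def detect_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Alert when an (IP, account) pair reaches `threshold` failures inside `window`,
    and again if that same pair later logs on successfully."""
    recent = defaultdict(deque)  # (ip, user) -> timestamps of failures still in the window
    tripped = set()              # pairs that already reached the threshold
    alerts = []
    for ts, event_id, logon_type, user, ip in parse(text):
        if logon_type not in (3, 10):
            continue  # ignore local, service and batch logons
        key = (ip, user)
        if event_id == 4625:
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # drop failures older than the window
            if len(q) >= threshold and key not in tripped:
                tripped.add(key)
                alerts.append({"ip": ip, "user": user, "at": ts,
                               "kind": "lockout_threshold_reached"})
        elif event_id == 4624 and key in tripped:
            alerts.append({"ip": ip, "user": user, "at": ts,
                           "kind": "success_after_bruteforce"})
    return alerts
```

The user who mistypes a password twice and then logs in stays below the threshold, while the success that follows the burst of failures is reported separately because it suggests the guessing worked.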
Vendor password audit
Organizations that do not conduct a security audit beforehand risk inheriting a vendor’s security weaknesses. Specops Password Auditor is a free, read-only password auditing tool that helps IT administrators make better decisions by scanning Active Directory for password-related security weaknesses. This tool allows administrators to view the security posture of all accounts, so accounts with compromised passwords never go unnoticed.
Specops Password Auditor gets to the root of weak passwords by identifying the password policies that enabled the creation of weak passwords in the first place. MSPs can use the interactive reports generated by Specops Password Auditor to identify policy compliance and which policies depend on the default password policy. You can also compare your password policy with various compliance standards such as NIST, CJIS, NCSC, HITRUST, and other regulatory agencies. IT admins can request vendors and their MSPs to run this free scan and get a read-only report. For precise security planning, administrators can customize password policy compliance reports to display only the standards relevant to their organization.
You can download Specops Password Auditor for free here.