MSP Dispatch (Audio)
MSP Dispatch 6/14/22:  ConnectWise Rebrands Products, Kaiser Permanente Breach, Confluence Hacked (Audio)

MSP Dispatch is your source for news, community events, and commentary in the MSP channel. 

Hosted by: Ray Orsini and Tony Francisco

Give us your feedback by emailing news@mspdispatch.tv

0:00 Intro
1:03 ConnectWise Rebrands CyberSecurity Products
6:21 Kaiser Permanente Data Breach
11:46 Confluence Servers Hacked to Deploy AvosLocker
17:39 Community Events
18:30 Sign-off
19:07 Outtakes

Story Links:
ConnectWise Rebrands Cybersecurity Products for MSPs
https://www.channele2e.com/news/connectwise-rebrands-cybersecurity-products-for-msps/

Kaiser Permanente Breach Exposes Data on 70K Patients
https://www.darkreading.com/attacks-breaches/kaiser-permanente-breach-exposes-70k-patients-data

Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
https://www.bleepingcomputer.com/news/security/confluence-servers-hacked-to-deploy-avoslocker-cerber2021-ransomware/

Be sure to follow us on social media: 
Facebook: https://www.facebook.com/mspmediatv/
Twitter: https://twitter.com/mspmediatv
LinkedIn: https://www.linkedin.com/company/mspmediatv/
Instagram: https://www.instagram.com/mspmediatv
Reddit: https://www.reddit.com/r/mspmedia
Discord: https://discord.gg/Hc7b55cJPF

Episode Transcript

Tony
Hello, everyone. It’s June 14th, and we’re kicking this off hard with the MSP Dispatch today. My name is Tony Francisco, and today we have an awesome co-host, Jason Slagle. The man, the myth, the legend, the person that hides behind the beard. He actually doesn’t have one in real life. It’s, it’s totally a filter. Jason, how are you doing?

Jason
I’m good. I’m good. Hopefully this Snapchat filter holds up for the rest of the show here.

Tony
There’s actually a – did you see the link online? And there’s a Facebook group talking about a charity event to shave off the beard.

Jason
I am doing it.

Tony
Oh, I, I mean, I’ll mortgage my house for this one. This is happening. Like, this is going to happen. That is awesome. Well, good for you, man. Good for you. OK, let’s let’s kick off some news. In Channel e2e, ConnectWise has rebranded multiple products and services in their cybersecurity portfolio for the MSP market. The rebrand solution reinforces ConnectWise’s ambitions in the security market where the MSI can drive down risk, accelerate automation and improve profit margins.

Tony
The rebrand solutions also phase out acquired companies, Perch Security and Stratozen business brands in their new rebranding portfolio. Everything seems to start off with a ConnectWise theme. I don’t know if you’re going to notice. We have ConnectWise Cybersecurity Management, which describes all the overall portfolio previously known as ConnectWise Fortify, ConnectWise SaaS Security, which is formerly Fortify SaaS, ConnectWise Risk Management, ConnectWise Endpoint policy, ConnectWise MDR, leveraging the SentinelOne or Bitdefender, formerly Fortify Endpoint and ConnectWise SIEM, formerly SIEM Only powered by Perch and ConnectWise co-managed SIEM formerly co-managed SIEM powered by Stratozen and Network Threat Detection by Perch and the list goes on and on. Jason, so many questions for you here. Is this simply a rebrand where they’re consolidating everything under a single umbrella? Kind of like the Las Vegas hotel where they don’t want you to leave?

Tony
Everything’s in there, just just a very simple rebrand? Or is it something deeper where they don’t want you to leave their ecosystem? What are your thoughts?

Jason
Oh, I think there’s probably a mix of it. I do think they were incentivized to get rid of some of the brands that they’ve acquired and kind of bring them under the umbrella. You know, they’ve, they’ve done that all along. Although, you know, those of us that have been here a while always call it Perch. We will always call it Lab Tech.

Jason
Right. And those perch shirts are going to become more valuable now because they’re they’re going to be gone. I do question some of the names they chose. If it was me and I was in charge of that, I probably would have left fortifying all of those names just to try to help with some search engine optimization. We seem to have this trend where vendors are naming things brand verb, and it makes it makes Googling them relatively difficult from time to time.

Tony
Well, maybe maybe there’s a cross-pollination there where the brand is the verb. I’m going to Google something you know, do you have a Kleenex? What’s a tissue in the manufacturers? Kleenex. And when the brand and the verb becomes ubiquitous to an action, that’s a huge positive. So maybe that’s what they’re pushing for. I can, and I can also, as you were talking, I could hear their entire marketing team listening to this and so quiet that you could hear their cells dividing, you know, like woah, woah.

Tony
Yeah, we’ve done which…

Jason
I’m waiting to get a text later from one of them.

Tony
And, and it has to be a very difficult process because again, you’re trying to correlate not just the brand, the ConnectWise brand with the action, which is may not be just an action. It may be an entire ecosystem in itself in this particular silo, all the way down to just a simple function where you’re trying to correlate a brand to that verb, to that action, to that function, or with the community that you’re trying to serve based on the acquisition that was made. But at the same time, you’re trying to keep the isolated interest in that particular reason why that purchase was made. Would if in, in, in the event of ConnectWise consolidating everything under their ConnectWise umbrella, can you anticipate any other actions that they may go based on that track record of who they’ve been acquiring?

Jason
I mean, there’s there are still pieces of the puzzle that they have not yet purchased, right? They don’t have, you know, on top of my head, immediate ones, knowing other vendors I hang out with and frequent. They don’t have security awareness training. Right. I don’t think they have a good solution for – they have some assessment solutions, but I don’t think they solved the full problem.

Jason
There’s still unsolved problems, even though their breakage and the their reporting. Breakage is pretty lightweight reporting, right? Obviously, you can, you can get a little better than that. So I mean, there are still, there are still unsolved pieces inside of this ecosystem that they could still acquire.

Tony
Yeah, then and I think I’d like to remind everyone that the the input that we have and the opinions that we have on the rebrand, ok, just opinions. Once, once the marketing team does that assessment and they’re trying to figure out what that vision is and they make that move, it’s very difficult to put the pin back in the grenade.

Tony
So but ultimately, we have to understand that they have a vision and they’re moving forward in that division. I’d be really interested if they they heed the suggestions that Jason just made. So… So, let’s kick off to the next story. Kaiser Permanente had a breach. Kaiser recently revealed that an employee email compromise on April 5th left personal medical information PMI on nearly 70,000 of its patients at risk of compromise.

Tony
Although Kaiser said that the attacker had access for only a couple of hours, there’s no evidence that the sensitive data was breached. Patient information included first name, last name, medical records, dates of service, and lab test results were involved in this. The company said in a notice that that went out public, which, of course, is going to affect the corporation as a whole.

Tony
This is something that is going to involve a lot of discussion between Jason and I. Jason HIPAA, GLBA, Sarbanes-Oxley Sec. All the compliance that’s been pushed so hard for the last, realistically, 12 years.

Jason
Yeah.

Tony
Is that having an impact? Because all we talk about here at the MSP Dispatch are security breaches, vulnerabilities, exploitations. Here’s the impact.

Tony
Ransomware has been shooting up drastically so much that last week we just talked about ransomware attackers are now attacking each other. Which begs the question, are you running out of customers? Are you getting bored? Is there a political driver behind that? There’s so many questions I have about this, but Kaiser is a huge, huge player in the medical industry.

Tony
Do you feel that the Compliancy that’s been implemented specifically HIPAA, has had a benefit, a beneficial impact on those that it’s targeting? And we’re talking about HIPAA which, of course, affects the medical community?

Jason
Yeah, I mean, I think it has I think that when you see these big, big, huge companies breached and there have been multiples of them, if you go look at the HHS like the HIPAA wall of shame, there are a ton of giant companies that have been breached over time. And I think it’s really disheartening to the smaller, smaller practices when they don’t have near the budget of these gigantic companies. And again, they don’t have the same attack surface either. But it’s it can become one of those things that like, well if Kaiser can’t protect themselves, like what chance do I possibly have to do so?

Tony
Well, are you right there? Confusing this story between the regular business and the smaller MSP and the larger enterprise. I couldn’t tell if you were talking about a large hospital and a small, you know, a small practice between a larger corporation and a smaller company. The SMB market, or you’re talking about a very large MSP with the standardized calcified security stack and practice and the smaller MSP that’s just trying to implement something more than a spreadsheet to keep everything going.

Tony
Well, I can’t I can’t put a PSA in.

Jason
So I think that it applies everywhere. Right. The same. Yeah.

Tony
So, so with these standards that are being implemented, is there any particular standard security compliancy that you are favoring? Are you, are you really appreciating one of them?

Jason
We align entirely everything to CIS, and then we map that back to wherever it needs to go just because the CIS is so prescriptive. And, it you know, it gives you a, like, it makes it easier to gather the evidence to indicate that you’re doing the right thing. So, I mean, right now, that’s that’s our favorite approach. We did look, and I have been looking recently whether I want to change and align to NIST CSF instead of just because it’s a little more widespread.

Jason
But in the end, I think you’re going to be, you know, HIPAA’s HIPAA. You have to do the things for HIPAA, but a lot of them, there’s overlap between a lot of these frameworks. So, if you try to implement eight different frameworks, you’re going to fail. So you know, you have to pick one and then map it to wherever the rest of them you need are and then fill in the gaps if you need to.

Tony
And you mentioned CIS. For those out there, the pedestrians in the audience, could be me, maybe. What is CIS?

Jason
This is the Center for Internet Security. They’re a nonprofit group that has a set of a security framework and a set of what they call benchmarks to the point where they’ll give you a run book to harden like a Windows Server to their benchmarks. Right? So like change the setting, changes set, and change setting. And these are the, the controls that they, that they actually implement by changing these settings.

Tony
For those of you listening, I cannot recommend enough that you look into CIS and that particular framework. There’s a good rule of thumb in life. If you can’t explain it, you don’t understand it. But once you understand something, once you understand the mechanics of something, the anatomy of how it all fits together, you can control it a little bit better.

Tony
You can manipulate it a little bit better because you understand what is movable and what isn’t. In this particular case, as Jason just pointed out, this is a framework that clearly explains how you should be doing something so you understand it better, and you have far more control and frankly, you can be much more effective in the security that you’re implementing for your customers.

Tony
So with that, let’s jump into the next story. Hang on, everyone. It gets worse. Confluence servers have been hacked. Ransomware gangs are now targeting and actively exploiting remote code execution vulnerability affecting Atlassian Confluence server and data center instances for initial access to corporate networks. Note, this has been recently patched. Confluence is a web based corporate week wiki developed by an Australian company, Atlassian.

Tony
It’s extremely common. We use it internally. Jason, I know you use it and this is going to be a topic of conversation. If this is successfully exploited, the OGNL injection vulnerability CVE-2022-26134 enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts and executing arbitrary code. Jason, from what I understand about this particular hack, this is an on-premise exploitation.

Tony
It’s not really affecting the web-based version. There are very few of these attacks that have been noted. But isn’t the bigger story that your firewall, they’re not attacking a customer independently. They’re now going to the vendor level to get into multiple customers. They’re moving upstream. Is that, is that what you’re feeling is about this or is this something a little bit more local to just one particular genre?

Jason
I mean, there are these are on-prem servers. I haven’t seen any evidence that they’re coming down from like basically a master Confluence instance to attack things below it. With tools like Shodan, it’s pretty easy to find wide swaths of a particular product that live on the Internet. And most people that run Confluence end up Internet exposing it. Right?

Jason
So it is a, it’s an application that is typically inside the firewall that is exposed to outside of the firewall. So if you don’t set your network up correctly or if you don’t have proper DMZs and network segregation, then it can very easily those services, Confluence or any other service like that can easily become a jumping point to basically laterally move inside of the network.

Tony
You brought up an interesting point about how it’s attacking one particular exploit, but you also made a very small reference to something upstream where they’re going at the vendor level like Kaseya, yeah. That that exploitation was, was, was – a had a huge impact on the MSP community. Do you anticipate this to be more of a corporate attack?

Tony
Because this is very much in the Atlassian group, which is very clearly into the MSP developer level audience, which is less of a financial medical hack. This is more on the back end on the technology that’s consumed day to day by people that aren’t really in the security realm. They’re, they’re focused on what their job is and the people that are walking these down aren’t worried about the implementation of something. This is coming straight from the vendor, just like the Kaseya hacks and all the other hacks that were in this particular case because it’s an on-premise deployment.

Tony
Is this something that maybe is pushing everyone towards a cloud execution, like a cloud consumption?

Jason
Yeah, maybe. It’s, I’ve, Ben, first, since we started discussing this story, before he came on, I’ve been having that internal debate in my head as to whether or not I think that cloud, because we’re on Confluence Cloud, we don’t run on prem. I used to run on prem for many years. I ran on Prem Confluence. But it’s CNWR that made the decision to, to go cloud-based.

Jason
The argument for cloud is that the vendor can make sure everything’s, everything patch is patched and everything is good. The argument against all cloud is that when there are vulnerabilities, you may not ever even know about them. Right? Because a lot of these walled ecosystems in the cloud, there’s no, there’s no CVEs for cloud services, right? Like you can’t go get a CVE for something that only lives in the cloud.

Jason
So these exploits, they get patched and fixed silently, without any indication to the client that may, that there may have been a security issue.

Tony
And that’s, and that’s the interesting part of of I think any on-premise deployment is that you need to operationalize every single aspect. It’s not just the the server set up. You now have to worry about the patches. You now have to worry about the the small updates. You now have to worry about all the ACLs and the, and the minor routing components that are vulnerabilities that are not internal are no longer internal.

Tony
They’re strictly external. But you have to worry about all of that. So that operational aspect is, you know, that’s quite a bit of a resource drain from something that you originally anticipated to be very simple.

Jason
Yeah, for sure. If you’re, if you’re not equipped to actually operate and run and maintain the software that you’re running on prem, then cloud is a clear choice, right? Like that because you just you’ve give that to somebody else. Right. The whole reason we have PaaS and IaaS and all that stuff is because people don’t want to touch servers.

Jason
I don’t want to touch servers by day. So, you know, you outsource the stuff that you’re not good at to other people that are good at it.

Tony
Absolutely. We’d like everyone’s input on this. All the opinions out there, we can feel them as we’re talking, these opinions that are being yelled at. That’s not the way it works. Well, what about this? We want to hear from you. Give us a shout out at news@MSPMediatv.tv. You can see us on all the social media channels out there.

Tony
Of course, you’re going to see us on YouTube. Facebook is a great group. So with that, let’s jump into some community events.

Jason
So on 6/14, we have Tradecraft Tuesday presented by Huntress. 6/15 to 6/16, the ASCII Success Summit in Southern California. I’m actually pretty bummed out, I didn’t get to go to an ASCII this year. So 6/15 at noon, we have the NSITSP Vendor Partner Program Introduction Call where they’re introducing their partner program to bring partners into the fold. 6/16 at 11 a.m. “What the Swag?” presented by the Channel Program. I’m super excited for that one. I love me some good swag on that. Matt did a thing about swag a couple of weeks back, and so this time they’re going to talk about what makes good swag. And then 6/17, we have the MSP Dispatch Week wrap up presented by MSP Media Network.

Tony
So with that, we’re going to wrap up today, June 14th, the MSP Dispatch show for everyone out there. Please, please, please reach out to us news@MSPmedia.tv. What a great show. Great having you on, as always, Jason, thank you so much. Any final word from you, Jason?

Jason
No, just glad to be here and I’ll see you guys next time, I’m sure.

Tony
Always a pleasure with that, everyone. Take care. Be safe out there.

Voiceover
This has been a broadcast of the MSP Media Network.

Tony
Portfolio for MSPs. The rebrand solution reinforces ConnectWise lofty ambitions to in the cyber in the cybersecurity market where the MSPs are seeking to drive down risk. Man I really hosed that whole thing from the beginning, we’ve got to do a retake. I’m so sorry. I’m still thinking about how to pay for mortgaging the house to CS beard being shaved off.

Tony
OK Kaiser Permanente. There was a breach exposed se- was impatient. I completely hosed that one, too. My own notes. I had misspelling in my own notes. How do my own notes have misspellings and I messed up. OK, ready ok. Confluence is a web-based corporate wit wiki developed by an Australian company, Atlassian. It’s commonly used. We use it internally Jason, I know you use it internally in this particular exploit.

Tony
If it is, it got I’m hosing my whole notes. This is the one that I deleted. I’m sorry. We have to do one more retake. I’m so sorry, mate. Let me delete some wipe.