When an RMM maker speaks with partners about security these days, one word comes up a lot: SolarWinds.
That, of course, is due to recently revealed vulnerabilities implanted in SolarWinds’s Orion management system by sophisticated hackers believed to be working for the Russian government. Though neither of the two RMM products offered by SolarWinds subsidiary SolarWinds MSP were affected by that breach, managed service providers who have increasingly found themselves targeted by cybercriminals and nation-state attackers in recent years are on edge just the same about where and when the next incident might take place.
They’re right to be concerned, too, according to Lewis Huynh, chief security officer at NinjaRMM. “SolarWinds is not an exception,” he says. “They happened to be the target and the exploited company, but the reality is we’re all vulnerable, and knowing that puts you on a path to prepare.”
Huynh spoke with ChannelPro shortly after the conclusion of NinjaRMM’s second annual Security Summit, which took place online yesterday. Perhaps inevitably, a panel discussion during that conference featuring Huynh and other security experts commenced with thoughts about the SolarWinds breach. The fallout from that incident, speakers noted, is still ongoing.
“We’re over a month, I think, now at this point since it’s gone down, yet I would say the channel is still just as murky on what actually happened and what do I do next,” said Kyle Hanslovan, CEO of security vendor Huntress.
Even as details about the attack continue to emerge, NinjaRMM has doubled down on previously introduced measures aimed at safeguarding its software from compromise.
“We’ve done a couple different things in terms of locking down our supply chain [and] our build systems,” Huynh says. The company has also tightened up its intrusion detection and prevention monitoring and stepped up security training across the company. “A lot of hacks occur because of phishing attempts,” Huynh observes.
To keep its MSP partners safer, meanwhile, Ninja has accelerated several security-related enhancements on its product roadmap. “It pushed things that generally people are OK with waiting for into the forefront,” says Huynh of the SolarWinds story.
Encouragingly, MSPs appear to be better prepared for threats at present, according to Bill Siegel, CEO of ransomware incident response specialist Coveware and a participant in yesterday’s panel. A year ago, he said, MSPs were coming to his firm for help almost weekly.
“We were seeing RMM tools being exploited, unpatched RMM tools. We were seeing MSPs that didn’t have strong authentication systems getting exploited,” he noted. “I would say that’s probably down to like maybe one or two a month at this point.”
Indeed, while the threat landscape remains as treacherous as ever, if not more so, MSPs have actually faced fewer threats than before in recent months, Huynh says, thanks largely to the coronavirus pandemic.
“We had a lot of people working remotely, and home networks are notorious for being insecure,” he observes, adding that hackers have been going after those easy marks rather than trying to pry their way into RMM systems. Don’t be fooled, though, Huynh warns. The current respite is just the calm before a surely approaching storm.