Important Communication from our CISO Regarding the Kaseya Breach

To our Valued Customers:

Most of you probably saw the news over the past two days: “Massive Ransomware Attack Has Hit More Than 1,000 Companies.” This is the biggest breach since WannaCry – and maybe even bigger. For reference, WannaCry resulted in up to $4 billion in economic loss.

Rest assured that Buchanan Technologies has not been impacted by these attacks, though we, like you, are monitoring this event very closely. We do not use Kaseya, the vendor who has fallen victim to a supply-chain attack.

We have had partners not only ask “Is Buchanan affected by this attack?”, but also “What is Buchanan doing to keep us safe?”

We’d also like to express solidarity with the 20+ MSPs, the vendor Kaseya, and all of the other victims of this criminal act. This is an enormous event, launched right as Canada and the US went into the holiday weekend. This is common with these types of attacks. In fact, only 25% of attacks happen during normal business hours, highlighting the importance of “always-on”, 24/7/365 security.

What We Know:
While the situation is still developing, it appears as though Kaseya, a remote management vendor, has suffered a breach that affected their supply chain, specifically impacting their on-premises customers.

There are many ways this could have happened, and the exact vector will be identified and made public; one example would be if a Kaseya employee’s account was compromised, and the attackers used that account to edit Kaseya’s source code.

Kaseya’s full statement and continually updated press release can be found here. Kaseya has also shared a detection tool, which essentially checks for “userfiltertablerpt.asp” file in their public webroot. Additionally, this blog by Huntress is a great resource for detecting indicators of compromise (IOCs).

What We Have Done:
Over the past few years, Buchanan has made strategic investments to solidify our stance as a bonafide managed security service provider. These capabilities include cybersecurity services ranging from:

• A fully managed 24/7 Security Operation Center
• Managed Endpoint Detection and Response
• Managed Threat Hunting
• Managed Security Awareness Training
• Managed Secure Email Gateway
• Incident Response Capabilities
• vCISO Capabilities
• And more

As for our internal security efforts, in addition to “drinking our own champagne” and utilizing our own security services, Buchanan Technologies has been continually assessing and updating our security posture in alignment with NIST 800-53 (high baseline), the CIS 18, and CMMC (5). We are also GDPR and HIPAA compliant and have our SOC 2 Type 2 certification.

In many ways, our internal security surpasses our compliance standards. For example, we are leaders in the “threat hunting” space, continually monitoring every object running or scheduled to run across our entire environment. We have an incident response plan in place and abide by a ransomware playbook. Without going into too much detail, even if we used Kaseya, this attack would not have affected the Buchanan network.

What You Can Do if You Were Affected:
If you do not already have an incident response plan in place, reach out to us at Buchanan Technologies. We are currently helping organizations with incident response.

What You Can Do Even if You Were Not Affected This Time:
Be prepared. It is only a matter of time before your company could be impacted by a ransomware attack, so it is critical that each of you absolutely have an incident response plan in place and a playbook specifically around ransomware. Then, test this plan periodically with table-top exercises. This should be your main focus when seeking to prevent ransomware from halting your business.

Buchanan can assist you in creating an IR plan and customized ransomware playbooks, then we can test your response and recovery capabilities with tabletop exercises.

In Closing
I am sure some of you have questions, concerns, and comments. I am available to talk to you each personally – please reach out to me directly or ask your SDM or Account Executive to schedule some time for us to get to know each other and talk about the various ways we protect our own network, and how we can help you protect yours and mitigate future ransomware attacks.

On behalf of the rest of the Buchanan leadership team, I’d like to thank you for your partnership.

My best,

RJ Friedman
CISO & Managed Security Services Leader
Phone: 818-585-9685