Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
Econocom
What we know: French MSP Econocom replied to media reports that it had fallen victim to a cyberattack last Autumn. It confirmed it suffered a "security attack" and that its in-house team of specialists worked quickly to address the problem and protect customers' environments from being infiltrated.
It did not disclose the nature of the attack nor publicise it because of the "negligible impact" it had on its business, though it did report it to the relevant French authorities at the time, Econocom said in a statement.
In their own words: " The day straight after the attack, the incident was declared to the relevant French authorities (CNIL, ANSSI, CERT) and the police," Econocom stated.
"These authorities were then informed of the attack's characteristics and the solutions used to rectify the situation, mainly to provide an account that could help other firms affected by such attacks. Discussions were also held with France's financial markets regulator, AMF.
"Given the negligible impact this attack had on our business and the desire of the authorities involved in the investigation to keep the details about it confidential, Econocom consciously and unapologetically decided to directly inform only those concerned by the incident."
Ranking: 1/5 A hard attack to judge as so little information is provided, so we have to take Econocom's word that it was a ‘negligible' attack
Click through to learn about the latest MSP to be targeted by hackers...
Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
CompuCom
What we know about the attack: The US reseller, a subsidiary of US stationary giant The Office Depot, revealed yesterday that it was hit by a malware attack that has impacted certain services it provides to customers.
Little else is known about the attack so far, but an investigation into the attack is in its early stages, according to a statement by Compucom. There is no indication as yet that their customers' systems were directly impacted by the attack, it added.
In their own words: "As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation. We are also communicating with customers to provide updates about the situation and the actions we are taking.
"We are in the process of restoring customer services and internal operations as quickly and safely as possible. We regret the inconvenience caused by the interruption and appreciate the ongoing support of our customers."
Rating: 2/5 a low rating because we don't quite know the extent of the attack just yet
Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
What we know: French MSP Umanis also saw itself targeted by cybercriminals in November 2020.
The Salesforce and SAP partner claimed in a statement that it had thwarted the attack immediately through "isolation measures", but that it had to disable its network and applications to prevent the attack from spreading to customers' infrastructures.
In their words: "In the context of an upsurge in computer crime, Umanis has been the subject, as many other companies have, to a cyber-attack on Saturday 14 November," the company said in a statement.
"All actions aimed at the continuity of systems and operations activity have been carried out to ensure the restart of almost all service from this Monday morning."
"Umanis is committed to keeping its customers and partners informed, without delay and regularly, as well as the authorities."
Ranking: 2/5 The cybercriminals attacked but ultimately failed to gain a foothold into Umanis' environment
Click through to read about how DXC handled a breach to their insurance services platform...
<
Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
DXC Technology
What we know: DXC revealed last summer that its insurance managed services business Xchanging was hit by a ransomware attack. It stated at the time that it was working with law enforcement and cyber agencies on the attack.
After an investigation, the services firm reported that the attack was contained to just the Xchanging environment and that there was no loss of customer data. Interestingly, among the independent cybersecurity firms DXC employed to investigate the attack was FireEye, which itself experienced a cyberattack subsequent to this.
In their own words: " DXC has confirmed containment of the incident in the immediate days following identification with minimal impact on Xchanging customers; no loss of DXC or Xchanging customer data; no impact on the wider Xchanging or DXC IT estates; and full restoration of Xchanging customer operations.
"Along with ongoing systems monitoring, DXC is continuously investing in and enhancing its cyber detection and response capabilities to effectively manage risk and safeguard customer and its IT estates with the continued growth of malicious cybersecurity attacks."
Rating: 3/5 DXC caught the attack, acted quickly to remediate it and resolved the matter completely in three weeks
Read on to find out how much a tailored ransomware attack hit Sopra Steria for...
Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
Sopra Steria
What we know: Paris-headquartered Sopra Steria fell victim to a previously unknown version of Ryuk ransomware in October 2020.
Ryuk differs from other forms of ransomware in that it is tailored depending on the target and encrypts only essential files, as opposed to going after whole networks simultaneously.
The services firm said it acted quickly to contain the attack to a limited part of the group's infrastructure in order to protect customers and partners. However, a month later Sopra Steria revealed that it expected the attack to hit its operating margins by up to €50m, while its insurance coverage for cyber risks covers a maximum of €30m.
In their own words: "At this stage {November 2020], Sopra Steria has not identified any leaked data or damage caused to its customers' information systems," it stated.
"The secure remediation plan launched on 26 October is nearly complete. Access has progressively been restored to workstations, R&D and production servers, and in-house tools and applications. Customer connections have also been gradually restored.
"During this period, the Group's priority has been focused on security and working closely with its customers.
"The remediation and differing levels of unavailability of the various systems since 21 October is expected to have a gross negative impact on the operating margin of between €40 million and €50 million."
Ranking: 4/5 Though Sopra Steria reacted quickly to the unknown attack, it still felt the hurt with a €50m hit to operating margins
Read through to learn about the Texas MSP who took a $4m punch to the pocket from a ransomware attack...
Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
Tyler Technologies
What we know: Texas-based Tyler Technologies bills itself as being the biggest managed services provider to the US public sector. It fell foul of cybercriminals in September 2020 when it discovered an "unauthorised third party intruder" had accessed some of its internal phone and IT systems. The MSP contained the spread of the ransomware by taking its systems offline.
CEO H. Lynn Moore told investors in Q3 earnings call in November that the attack had been addressed but that it impacted sales to the tune of $4m, losing $1.5m in the third quarter and $2.5m in the fourth.
In their own words:
" From the morning of September 23, our incident response efforts have been facilitated by Tyler's internal resources as well as third-party providers," Moore said on the call.
"There has been no evidence of compromise in the separate and segregated environments where we host software for our clients. And to date, there has been no evidence of malicious activity on client self-hosted systems related to this incident.
"The security incident did impact our ability to deliver licenses and services during late September and into October. We currently estimate the impact to revenue was approximately $1.5 million in the third quarter and $2.5 million in the fourth quarter. We maintained cybersecurity insurance coverage in amount that we believe is adequate."
Ranking: 4/5 Tyler Technologies is a billion-dollar company, but losing $4m to a ransomware attack will still hurt the pockets
Which US reseller navigated a Maze of an attack and anticipated a $50m hit to its figures? Click through to find out
Seven MSPs and resellers that have fallen victim to cyberattacks
US reseller Compucom is the latest in a series of managed service providers who have seen themselves targeted by cyberattacks. CRN lists seven of the most noteworthy attacks on channel MSPs and resellers in the last year
Cognizant
What we know: US IT services giant Cognizant was rocked by a ransomware attack last April. Known as Maze, this type of ransomware is speculated to operate through an affiliated network where Maze developers share their ill-gotten gains with various groups that deploy the ransomware in organisational networks.
The attack encrypted some of Cognizant's internal systems, causing the firm to take its systems offline. This resulted in a disruption to the firm's services that support remote working, as well as causing some clients to suspend Cognizant's access to their networks.
CFO Karen McLoughlin revealed in its Q1 earnings call last May that the firm was expecting to lose between $50m and $70m in its second quarter of 2020 because of the attack's impact.
In their own words: " We expect the vast majority of revenue and margin impact from [this] ransomware attack to be in the second quarter. However, ongoing remediation cost will institute through subsequent quarters," stated CEO Brian Humphries on the Q1 earnings call.
"Ransomware attacks are becoming all too frequent across industries. We are using this experience as an opportunity to refresh and strengthen our approach to security. We're already applying what we've learned to further harden and strengthen our security environments and we are further leveraging our external security experts to help inform and guide our long-term security strategy. Cybersecurity will continue to be a top priority for us in the years ahead."
Ranking: 5/5 An insidious attack that had a massive hit on Cognizant, both in terms of revenue and customer trust