News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | SMB ransomware and API data tracks together

From BlackHat last week, researchers are warning of an increase in double extortion attacks against companies.     At the event, Acronis released their new Cyberthreats report for mid year 2021, warning  that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.  The report cites a 33% jump in ransomware payments, which smaller companies would struggle to absorb.   Palo Alto Networks Unit 42, which is the threat intelligence team, released a report to understand why ransom prices have risen.     One trigger – the quadruple extortion tactic:  Encrypt the data, vow to release the data, launch denial of service attacks, and harass customers, partners, employees and the news media to embarrass the victim.  The strategy is to put as much pressure as possible on the victim.     Acronis’s data supported this idea – a 70% increase in the number of victims whose data was publicly released.  

The Biden administration has explained why they decided not to ban ransomware payments – they were concerned about driving the activity further underground.   The “the state of resilience is inadequate.”

Salt Security’s State of API Security Q3 2021 cites Only 11% of people surveyed are greatly concerned about the security risks of shadow or unknown APIs. In contrast, 42% are greatly worried about zombie APIs, which were assumed to be turned off but can be targeted for an account takeover.   Compared to when the study was first conducted six months ago, the percentage of respondents that are at least somewhat confident their API inventory is complete increased from 53% to 62%.

Google announced an Unattended Project Reminder feature now in public preview, designed to address security by identifiying old cloud computing projects that are not being used.      Microsoft announced their Azure Sentinel cloud SIEM can now detect potential ransomware activity, using the Fusion machine learning model.  

A Conti Ransomware gang playbook leaked.    A disgruntled affiliate released the group’s training materials.    The training materials include manuals on deployment of the ransomware, hacking tools, and as reported by Channel E2E, mentions of RMM provider Atera.   Quoting that article.   Based on the leaked playbook, ethical hacker Vitali Kremez tweeted a warning for network administrators looking for Conti activity to “scan for unauthorized Atera Agent installations and Any Desk persistence,” ThreatPost reports.    Atera commented to Channel E2E that the product has not been compromised. 

And in security features you can use.  Windows 10 admins can now selectively block USB devices in a layered Group Policy. 

Why do we care?

There are a couple of approaches here I wanted to highlight.

First, it’s the understanding of quadruple extortion.     It’s the answer to “I don’t have anything of value to steal.”  Yes, yes you do.

Second, it’s the quote about the state of resilience.   That’s a failure of the technology industry.  

Finally, it’s the actions required – the API data shows the industry is just continuing its existing practices of not even watching the basics.     That tells IT providers where they can focus – getting the basics right, which are not necessarily easy, goes a very long way… and we still have a long way to go.

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories