We’ll start with the good news. The Justice Department rounded out last week with an announcement of the disruption of the Hive ransomware group. Working with international partners, they “hacked the hackers” and stopped $130 million in ransom demands. From the release:
Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims. Finally, the department announced today that, in coordination with German law enforcement (the German Federal Criminal Police and Reutlingen Police Headquarters-CID Esslingen) and the Netherlands National High Tech Crime Unit, it has seized control of the servers and websites that Hive uses to communicate with its members, disrupting Hive’s ability to attack and extort victims.
And now the bad news. From CISA, At least two federal civilian agencies were exploited by cybercriminals as part of a refund scam campaign perpetrated through remote monitoring and management (RMM) software. The trick? Getting users to download ScreenConnect (now ConnectWise Control) and AnyDesk via a phishing email which the actors used in a refund scam to steal money from victim bank accounts.
So want to give them feedback? CISA has posted its 2023 Planning Agenda. Here’s the bit you care about, quote:
The 2023 Planning Agenda includes efforts to address the following risk topic areas:
- Remote Monitoring and Management Vendors, Managed Service Providers, and Managed Security Service Providers: Advance cybersecurity and reduce supply chain risk for small and medium critical infrastructure entities through collaboration with remote monitoring and management (RMM), managed service providers (MSPs), and managed security service providers (MSSPs).
Why do we care?
I get the screams I’m hearing from listeners right now – that the products named aren’t RMM’s. So, who do you think clients will listen to, CISA or you? The media covering the event, or you?
Rather than get into academic debates over the naming, focus on what matters – CISA is working on this space, understands the terminology, and is working on the IT services space.
The FBI has proven that government can get results when focused. So expect more results.