Author Archives: Megan Carnes

Thrive to Showcase Cybersecurity and Digital Transformation Solutions at DTX Europe

Experience Thrive’s Advanced Cybersecurity Innovations on Oct. 4-5 in London

FOXBOROUGH, Mass. – September 26th, 2023 – Thrive, a premier provider of Cybersecurity, Cloud, and Digital Transformation Managed Services, announced today its participation, exhibition, and sponsorship at the much-anticipated Digital Transformation EXPO (DTX) Europe event taking place in London on October 4-5. At DTX Europe, known for bringing together the best minds and leading digital technology, Thrive will present its state-of-the-art cybersecurity and digital transformation solutions.

Attendees are invited to visit Booth B36, where Thrive’s dedicated team will discuss the ever-changing dynamics of digital security and transformation, including its robust NextGen portfolio of managed end-to-end cybersecurity and Cloud solutions that drive secure digital transformation for small to mid-sized enterprises across various industries in Europe, the U.S. and Canada.

“It’s an honour to represent Thrive at DTX Europe,” remarked Steve Tilley, Head of European Sales at Thrive. “This event offers an unparalleled opportunity for us to connect with industry peers, spotlight our cutting-edge solutions, and stay abreast of the latest in cybersecurity and digital transformation. We proudly showcase Thrive’s ever-expanding European operations to keep European businesses resilient and competitive in the digital age with our secure, scalable, and flexible cybersecurity and Cloud technology.”

Visit Thrive at Booth B36 to explore Thrive’s managed cybersecurity and Cloud services. For more information or to schedule a meeting with Thrive at the show, please email




About Thrive

Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimisation. The company’s Thrive5 Methodology utilises a unique combination of its Application Performance Platform and strategic services to ensure each business application achieves peak performance, scale, uptime, and the highest level of security. For more information, visit





Stephanie Farrell


VP of Marketing



Cybersecurity Dangers Lurking in Hybrid and Remote Working

In our last few blogs, we’ve discussed the risks to UK businesses from cyber attacks in a “static environment,” such as an office.

We’ll now concentrate on the dangers your employees may encounter while away from the office. Most UK SMEs have now switched to a hybrid or accepted ‘work from home’ model for staff. However, new cyber threats are emerging that target personal mobile devices used for company business and authorised devices used in public places.

What’s the risk?

We already know that the greatest vulnerabilities happen when there is a human risk factor. When your employees are travelling or working away from their secure office environment, they are most at risk of unwittingly getting malware on their devices, which they then bring back to the office, infecting your protected network.

The challenge is that these new cyber attack vectors are springing up in least-expected places. A council car park was recently targeted in a ‘QRishing’ attack on the Isle of Wight. A fake QR code was convincingly placed onto parking meter machines used by visitors. When people scanned the code, expecting to be taken to a payment site, their device displayed a fake website that took their credit card information. As a result, their money was stolen by the cyber attackers and never received by the Council.

Unexpected places to be cyber attacked

Have you ever heard of “juice jacking”? It is a significant and growing threat likely to be experienced by employees on the move. This involves cyber attackers tampering with public charging stations and USB ports to gain access to users’ devices – jeopardising passwords, sensitive corporate data, and personal files, incurring privacy breaches, and even financial loss. As the convenience of public charging stations grows in popularity, the risk of falling victim to juice jacking has become more pronounced.

To mitigate this threat, users are strongly advised to avoid using untrusted charging ports. They are instead urged to plug their own chargers into electrical outlets or carry their own portable chargers. Employing data encryption and security software can further safeguard against potential attacks. However, if public charging stations are necessary, powering off the device can defend against data breaches. If you must use the phone while charging, selecting “charge only” when prompted to choose whether to “trust” the device can further aid protection.

Another increasing risk is attackers using seemingly innocuous QR codes to redirect users to phishing sites (known as QRishing) or download malware onto devices – resulting in unauthorised access to sensitive data and potentially incurring financial losses. Authorities have become aware of new attacks, such as in Camden, North London, where payment points for electric car charging were targeted. Now, reliable regional cyber authority sources across the UK are issuing warnings to local businesses. In a high-profile case in the US this year, the Super Bowl featured a QR code ad for Coinbase, promising consumers $15 worth of Bitcoin for signing up. This provided a prime social engineering opportunity for cyber criminals to piggyback on the trend and lure users in with an identical QR code loaded with malware.

Avoiding public QR codes is naturally the safest bet. Still, considering their newfound prevalence, there are various apps your employees can use to vet these codes before falling victim to scams. With popular options like Kaspersky QR Scanner, Sophos Intercept X, and Qrafter, the safety of a scanned link can instantly be confirmed before following it. Aside from apps, using a VPN and implementing two-factor authentication further protects against QRishing attacks.

Risks when working at home

Your employees’ homes are, of course, not immune to cyber attacks either. BlueBorne is a sophisticated attack vector through which hackers can manipulate Bluetooth connections to take complete control over targeted devices. It’s a devastating combination of incredibly desirable qualities to a hacker. Being airborne and highly infectious, it targets the weakest part of the network’s defence – the only one unprotected by security measures. What’s more, the high privileges that Bluetooth has on all operating systems allow for virtually unlimited control.

BlueBorne serves those determined to carry out cyber attacks with objectives ranging from cyber espionage, data theft, and ransomware to creating sizable botnets out of IoT devices, like the Mirai botnet. But how wide is the threat? The BlueBorne attack vector can affect all Bluetooth devices – an estimated 8.2 billion.

The security measures your employees might have, such as firewalls, mobile data management, and endpoint protection, must be equipped to identify these attacks, rather than only blocking infections spread via IP connections. While new solutions are created to address airborne attack vectors, the best protection is ensuring devices are constantly updated as manufacturers continue to patch vulnerabilities, and turning off Bluetooth and Wi-Fi when not in use.

Risks when browsing

A more specific way cyber attackers target employees is through watering hole attacks. This attack is designed to compromise users from a particular group or industry while they browse the web by infecting websites frequently visited by them, luring them into malware.

Cyber attackers who attempt watering hole attacks for financial motives or to widen their botnet can achieve this by infecting high-traffic consumer websites. However, targeted attackers, looking for results beyond financial gains, set their sights on popular sites in a particular industry, such as standards bodies, conferences, or professional forums. After finding a vulnerability on the website, they infect it with malware before waiting for users to take the bait.

To achieve this traffic, attackers may even prompt employees with highly contextual (sometimes AI-generated) emails, guiding them to a specific part of the compromised website. These emails usually don’t originate from the hackers themselves, but from newsletters the user receives automatically anyway – making detecting these traps especially difficult. Complicating this further, the device is transparently compromised with a drive-by download attack, leaving the user oblivious to their device’s infection.

Fighting this off can be challenging for organisations, and websites can stay compromised for years before detection. Protection is increasingly essential considering recent similar attacks – for example, the 2021 “Live Coronavirus Data Map” from the Johns Hopkins Center for Systems Science and Engineering being used to spread malware to users nationwide.

So, how can organisations best protect themselves and their employees?

Advanced targeted attack protection solutions, such as web gateways that defend the enterprise against drive-by downloads matching a known signature, can detect these attacks.

To protect against more elaborate attackers, organisations should employ more dynamic malware analysis solutions that vet frequently visited destination websites for suspicious behaviour. As for targeted email traps, look for an email solution that can analyse malware both at the time of email delivery and at the user’s click-time. These mechanisms must protect the user whether or not they remain on the corporate network.

These are just some of the best practices we recommend. Thrive is highly experienced in supporting small to medium-sized businesses in countering the latest threats, and we can work with you to ensure that your employees and business protocols are as resistant as possible to these unusual places to be cyber attacked.


Contact Thrive today to discuss how we can reduce these risks to your business.

Employee Spotlight: Kevin Cott, Client Business Executive

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Kevin Cott, Client Business Executive – Europe. Kevin focuses on delivering world-class IT strategies to potential clients.

Kevin grew up in Ireland but now calls the West Midlands in the UK home. He enjoys going on holiday, visiting Ireland or exploring European cuisine in his free time.

Hi Kevin! Can you tell us about your background and how you came to Thrive?

I studied Economics and Finance at the University of Limerick. Since 2010, I’ve worked in the IT reseller and Managed Services industries working with clients to leverage value from their investments in technology. I joined Thrive in March 2022, and while I wasn’t actively looking for a new role, I couldn’t turn down the opportunity to join such a great organization.

What do you most enjoy about working for Thrive?

There’s a couple of key things for me. Firstly, the goal is clear from the organization’s top to the bottom. Every single person knows what we do and how we do it. Secondly, the caliber of the people that I get to work with. Thrive has built an amazingly talented team, making my role more straightforward as a client-facing sales team member.

Any recent exciting projects at Thrive that you can tell us about?

There’s so much going on it’s hard to choose. From a client perspective, our ability to enable them to cope with changing technology and cyber landscape is unmatched. I’ve seen firsthand how we are significantly moving the needle regarding their ability to cope with increasing workforce demands while securing their most important technology assets. From a Thrive perspective, I find our expansion into Europe fascinating.


Are you interested in learning more about Thrive? Click here!

And don’t forget to follow us on Twitter and LinkedIn for the latest news and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…

Employee Spotlight: Kirsten Mills, Service Delivery Manager

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Kirsten Mills, Service Delivery Manager for the Southeast Region.

Kirsten is always on the go and also enjoys spending quiet weekends with her family at home in Pelham, Alabama.

Hi Kirsten! Can you tell us about your background and how you came to Thrive?

I joined Thrive in January 2022 as part of the InCare Technologies acquisition. I handled labor and agreement invoicing, vendor audits, AR and collections. I worked closely with managed services engineers/managers and other InCare teams on audits and invoicing.

Working with various departments, especially engineering, and having a great CFO, Michele Boner, who supported and pushed me to be creative and outspoken, helped me learn about our products, customers, and the company.

In July 2022, Chae York (RVP of Service Delivery for the Southeast) asked me if I would be interested in moving to a Service Delivery Manager role. I accepted and have loved every minute of my new position, and my accounting skills have proven invaluable in my new work environment.

What do you most enjoy about working for Thrive?

I like my colleagues and the fast-paced service desk, and I learn something new every day. Every team/department I have interacted with at Thrive inspires me and is always helpful and willing to listen.

Working at Thrive, I feel valued, heard and supported. The company does a beautiful job listening to employees and supporting creative thinking.



Unmasking Cyber Threats: Exploring the Dark Realities of the Capita Ransomware Attack

Our recent blog documented the enormous impact of a cyber ransomware attack on Capita, which has continued to affect the data and violate the privacy of thousands of UK consumers and businesses handling secure and sensitive information. The attack has been cited as one of the most significant known impacts on UK businesses and consumers. In this blog, we’ll look in more depth at the criminals behind it. We’ll also offer insight into how this happened and what small to medium businesses can do to protect themselves from this kind of event.

Questionable Motivations

Those responsible for oversight of the UK’s cyberspace, such as the National Crime Agency (NCA), are reporting the rise of cyber attacks targeted at businesses rather than individuals. And the impact is getting more severe. Cyber attackers are no longer just “lone wolves” but have joined with others to form groups with differing motivations and ideologies.

The original lone hacker, typified by the teenager in the bedroom, sees attacking businesses and governments as a game and challenges themselves to increasingly develop extreme skills, resulting in access to highly sophisticated systems, including secure government and defence networks.

One 16-year-old, purported ring-leader of the UK group Lapsus$, took down Microsoft. Another British teenager was arrested in 2019 after successfully hacking into Cloud accounts holding songs from some of the world’s best-known musical artists.

The rise of hacktivist campaign groups, such as Anonymous, is driven by social beliefs or political or religious affiliations. Their motivations are typically to target government agencies and to inflict damage or cause embarrassment rather than to steal data. They, too, may create disruption but impact businesses to a lesser extent.

Cyber attack groups that use the most sophisticated means of attack are generally believed to be state-sponsored. Black Basta is a Russian-speaking group and typically targets English-speaking countries in the “Five Eyes” defence community. Because of this, the group is believed to have an underlying political agenda. Capita is one of those organisations that support the fabric of British society heavily behind the scenes, as do many outsourced service providers and businesses that handle public information and process data on behalf of government bodies and agencies.

Who was behind this attack?

The difficulty in detection is that the distinction between nation-states and criminal groups is becoming increasingly blurred, making it harder to attribute cyber crime to specific groups. The NCA acknowledges that Russian language criminals operating ransomware as a service are responsible for the most high-profile cybercrime attacks experienced against the UK.

Black Basta (also known as ‘BlackBasta’) is a well-known ransomware group. Newly formed in 2022, they have rapidly become one of the most active known threat groups, attacking businesses in multiple countries such as the US, Japan, Canada, the UK, Australia and New Zealand. Being financially motivated, with the intent to gain as much money as they can, they use what’s known as a “double extortion technique.” This means that once they have infiltrated a company’s IT system and stolen high-quality data, they encrypt it so that it cannot be used by the company they have attacked and then threaten to publish or sell the data for a ransom of millions of pounds.

Black Basta claimed responsibility for this most recent attack and began advertising the data it had stolen from Capita’s IT system network. With a high level of sophistication in their attack methods and a reluctance to recruit or promote on Dark Web forums, many cyber attack watchers and analysts believe that Black Basta is either made up of members of another known criminal group or just a rebrand of the Russian-speaking group “Conti,” and could be linked to other Russian-speaking cyber threat groups. It appears that both groups use similar tactics and techniques.

How Do They Do It?

The details of Black Basta’s attack have not been made public. However, we can draw some conclusions. Like most cyber attacks, a seizure usually begins through human error. Typically, through a phishing email, Black Basta will gain initial systems access via a link embedded in a malicious document. Usually, this link arrives via email in a password-protected zip file.

Businesses must be aware that simple human errors, often through carelessness rather than malice, can result in catastrophic damage. For example, employees away on business connecting to unsecured Wi-Fi networks can make it easier for cyber attackers to access systems. Using the same password on multiple sites on both work and personal devices is another central area of vulnerability. Missing phishing emails while working in haste or lacking reinforcement training may have initiated this attack. IT Managers and CISOs need multiple layers of protection, such as training, awareness, and processes, to enable staff to safely perform regular operational duties and to contain any potential threat. Insider threat is another vulnerability, and when an employee leaves on bad terms, there must be protections in place to prevent any unexpected breaches of company data, passwords, or critical processes.

In Capita’s case, staff initially reported that correct passwords were being rejected when they tried to log into its Microsoft Office 365 suite of applications. A vulnerability within Microsoft Active Directory, which holds details of every user account on the network, is believed to have been targeted so that users could neither log in nor change their passwords. Mass text messages were sent to Capita staff telling them not to log into corporate IT systems, but many of those messages still needed to be received.

What is the Active Directory Vulnerability 2023?

CVE-2023-21676 is a recently detected vulnerability in part of the Lightweight Directory Access Protocol (LDAP) system. Exploiting it enables attackers to execute code remotely on Windows Server installations and gain System privileges, the highest user access level in Windows. The vulnerability affects all currently supported versions of Windows servers and clients.

In June 2023, Microsoft announced that it had acted against this zero-day vulnerability and provided a security patch.

What Should Companies be Aware of?

It is critical to review all layers of process, training, and security protocols and ensure company-wide awareness of the risks of cyber attacks. In practical and immediate terms and to effectively reduce the risks associated with this specific vulnerability, IT security staff should immediately apply the Microsoft patch issued on April 11, 2023.

In addition, Thrive recommends the following security best practices to mitigate the threat significantly:

  1. Regularly assess IT systems to identify vulnerabilities and misconfigurations.
  2. Ensure you patch and upgrade operating systems, firmware and applications.
  3. Have a policy of multi-factor authentication (MFA) and phishing protection.
  4. Train staff with simulated attack scenarios and ensure that processes are in place to report to the internal cybersecurity team promptly.

Thrive can advise, audit, and suggest how your IT security policy and procedures shape up to acceptable risk standards.


Contact Thrive today to discuss how we can reduce your risk of a cyber attack.

Employee Spotlight: Matt Chabot, EVP of Technology

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Matt Chabot, EVP of Technology. He oversees the technology that optimizes clients’ business application performance with Thrive’s NextGen Platform of Cloud, Security, Networking, and Business Continuity services powered by ServiceNow’s automation and self-service capabilities.

Matt lives in Andover, MA, with his family. In his spare time, you’ll find Matt exploring the outdoors, hiking and biking in the summer and snowboarding in the winter.

Hi Matt! Can you tell us about your background and how you came to Thrive?

I started in IT by joining the Boston College help desk during my Sophomore year and then started assembling and selling computers out of my dorm room a year later. After graduating, I began working full-time at Innovative Networks and, shortly thereafter, became a founding partner and eventual CTO of Tier1Net. Over the next 20 years, I helped build Tier1Net into one of the most well-respected MSPs in Boston. In 2019, Tier1Net was acquired by Thrive, and now I have the pleasure of helping to build the most well-respected MSP in the world!

What do you most enjoy about working for Thrive?

Every day I learn something new from the talented and dedicated teammates I have at Thrive and truly love working with them to help scale Thrive’s processes to meet our rapid growth rate.

Any recent exciting projects at Thrive that you can tell us about?

I geek out over automation and was excited when we recently automated a critical step in Thrive’s process to onboard new customers into our Endpoint Security and Response service offerings.



A growing construction company scales and automates its IT infrastructure with Thrive

The company, one of the largest construction companies in the U.S., has gone through significant growth and needed a provider that could help it scale and automate the onboarding and offboarding process of adding and removing employees.


The construction company evaluated providers of all sizes, and Thrive stood out due to the ability to scale and drive automation with a comprehensive IT strategy. Thrive’s team of experts successfully built ServiceNow automation to assist the construction company with aggressive growth requirements. Thrive’s Cloud-based client portal, powered by ServiceNow, provides a real-time view of its network and can create, route, and close IT support requests directly through the platform. In addition, Thrive implemented ThriveCloud, which powers an Enterprise-class Cloud infrastructure with optimal performance, security and efficiency. Disaster Recovery, Managed Backup, a Microsoft strategy and Thrive Helpdesk were also deployed.


As a result of the Thrive partnership, the construction company now has a custom, robust platform that allows it to scale business in any market with automation and confidence in cost control.

How can Thrive help your business?

Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.

To learn more about our services, CONTACT US

Thrive Named Perimeter 81’s Top Q1 Partner of 2023

Perimeter 81, the rapidly-growing converged network security, Zero Trust Networking Access (ZTNA) and Secure Access Service Edge (SASE) leader, named Thrive its Top Q1 Partner for 2023.

Thrive received the award at Perimeter 81’s recent Summer Partner Kickoff.

Thrive partners with the industry’s best-of-breed channel and technology companies, including Perimeter 81, allowing us to build, deliver, and support NextGen managed services that our clients can rely on.

Perimeter 81’s robust and scalable Zero Trust security stack is part of Thrive’s deep and comprehensive portfolio of cybersecurity and NextGen managed services that protect clients in an increasingly dangerous cyber landscape with its reliability and resilience.

Thrive seeks partners that push the limits of security innovation and who help us continue to best serve our clients today and beyond.

We are thrilled to be recognized by Perimeter 81 for unlocking new opportunities and driving positive change throughout the IT channel.

Congratulations to all the fantastic partners who received their well-deserved awards for being the MVPs of the first half of 2023. Click here to see a complete list of those recognized.

Massive Ransomware Attack Affecting Hundreds of Thousands of Consumers

Recent news of a massive cyber ransomware attack on a significant UK business has created one of the largest known impacts on UK businesses and consumers.

This attack by a notorious ransomware group on the major UK outsourcing company Capita continues to impact hundreds of thousands of people three to four weeks after being first reported.

This blog details the attack and its consequences and offers thoughts on how smaller businesses can prepare for these risks.

What happened?

In March, Capita publicly admitted that it had become another large organisation that was the victim of a targeted ransomware attack. Capita is a business that runs core services worth billions of pounds for government and high-profile private industry, including local councils, the NHS, the military, the BBC and pension funds. It operates the UK’s largest pension fund and private schemes for many large organisations. This cyber attack compromised Capita’s most profound IT systems and threatened the personal details of hundreds of thousands of pensioners whose data was stolen.

More than 90 large organisations have reported breaches of personal information from this attack. The victims include companies such as the Royal Mail and Axa, which have millions of policyholders, and the UK’s largest pension fund, the Universities Superannuation Scheme (USS). The USS alone has gone on record to publicly confirm that the cyber breach has affected over 470,000 individual policyholders, with serious data breaches of their names, birthdates, and National Insurance Numbers. This type of personal data breach can result in identity theft or at least enormous inconvenience and concern.

The nature of Capita’s business support structure means that by accessing Capita’s systems, hackers potentially could access many of their suppliers, business customers and individual consumers whose data is processed daily by the company. As the impact continued, The Pensions Regulator (TPR) advised over 300 of its pension funds of this potential data theft and then other pension schemes administered by Capita. This included hundreds of private sector pension schemes belonging to employees of Marks and Spencer, Diageo, Unilever and Rothesay, who had to step in and take preventive and emergency action in warning their members that their data was likely to have been stolen.

Rumour of a £15million ransom

After being made aware of the attack, Capita decided that the best course of action was to pay the hackers a ransom fee to protect the data, which the company needs daily access to so they could carry out business.

Creating a responsible business repatriation plan must have been a significant risk for the business, whose core business is the processing of other companies’ personal and private data relating to individuals. This took longer than hoped with many people feeling angry that there was a lack of speed and transparency. Capita did not publicly acknowledge the extent of the attack until April, having initially denied that any customer data had been compromised. The magnitude of the impact caused the Times to call Capita’s response a “crisis.” The CEO of Capita, Jon Lewis, then confirmed it was “a sophisticated cyber attack.”

Who was behind this?

Responsibility for the attack was publicly claimed by a known cyber threat group called Black Basta, who started to sell Capita’s data via the dark web. This included the bank account details of 152 businesses, scanned images of passports, application forms from individuals for teaching positions and security vetting data. By proving they had this type of data, Black Basta clarified how much valuable information they had managed to steal. Other data allegedly listed for sale included a Capita Nuclear document, the internal drawings of building floor plans and documents marked confidential.

This data implies that the cyber attack had penetrated deep into Capita’s internal IT systems. With customers that include the NHS and the Department for Work & Pensions, the data breach will likely have included highly sensitive data that would greatly benefit criminals.

Black Basta/ BlackBasta

These cybercriminals are a known ransomware group that has only been around since 2022 but has rapidly become one of the most active threat groups, targeting 19 large businesses with over 100 confirmed victims. Targeting companies in multiple countries, but typically in the US, Japan, Canada, UK, Australia, and New Zealand, they use a double extortion technique. This means that once they have stolen data, they encrypt it before threatening to publish or sell the data for a ransom of millions of pounds.

The implications of the Capita cyber attack highlight the urgency for organisations to prioritise robust cybersecurity practices to safeguard sensitive information and mitigate the damaging consequences of data breaches.

Businesses holding personal data, mainly where they conduct processing on behalf of their clients, must have a clear cyber assurance strategy. Planning and rehearsing against such attacks in real-life simulated cyber attack training, using real-world examples and multimedia inputs to create a real sense of urgency, is something that businesses in the critical national infrastructure have been doing for years.

It is now time for small to medium businesses to take the risks of cyber attacks seriously and to plan and protect against them. Thrive can help design, plan, rehearse, and test your cyber attack strategy and make sure that your staff are put to the test, so that they are as prepared as possible for a cyber attack that might look insidious on the surface but could have a material, significant impact on your business.

Talk to Thrive. We are a trusted cybersecurity expert and an accredited Managed Service Provider and can offer your business the Next Generation of Managed Services.


Contact Thrive today to learn how we can help your business stay secure in today’s digital age.