Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Kirsten Mills, Service Delivery Manager for the Southeast Region.
Kirsten is always on the go and also enjoys spending quiet weekends with her family at home in Pelham, Alabama.
Hi Kirsten! Can you tell us about your background and how you came to Thrive?
I joined Thrive in January 2022 as part of the InCare Technologies acquisition. I handled labor and agreement invoicing, vendor audits, AR and collections. I worked closely with managed services engineers/managers and other InCare teams on audits and invoicing.
Working with various departments, especially engineering, and having a great CFO, Michele Boner, who supported and pushed me to be creative and outspoken, helped me learn about our products, customers, and the company.
In July 2022, Chae York (RVP of Service Delivery for the Southeast) asked me if I would be interested in moving to a Service Delivery Manager role. I accepted and have loved every minute of my new position, and my accounting skills have proven invaluable in my new work environment.
What do you most enjoy about working for Thrive?
I like my colleagues and the fast-paced service desk, and I learn something new every day. Every team/department I have interacted with at Thrive inspires me and is always helpful and willing to listen.
Working at Thrive, I feel valued, heard and supported. The company does a beautiful job listening to employees and supporting creative thinking.
Are you interested in learning more about Thrive? Click here!
And don’t forget to follow us on Twitter and LinkedIn for the latest news and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…
Unmasking Cyber Threats: Exploring the Dark Realities of the Capita Ransomware Attack
Our recent blog documented the enormous impact of a cyber ransomware attack on Capita, which has continued to affect the data and violate the privacy of thousands of UK consumers and businesses handling secure and sensitive information. The attack has been cited as having one of the most significant known impacts on UK businesses and consumers. In this blog, we’ll look in more depth at the criminals behind it. We’ll also offer insight into how this happened and what small to medium businesses can do to protect themselves from this kind of event.
Questionable Motivations
Those responsible for oversight of the UK’s cyberspace, such as the National Crime Agency (NCA), are reporting the rise of cyber attacks targeted at businesses rather than individuals. And the impact is getting more severe. Cyber attackers are no longer just “lone wolves” but have joined with others to form groups with differing motivations and ideologies.
The original lone hacker, typified by the teenager in the bedroom, sees attacking businesses and governments as a game and challenges themselves to increasingly develop extreme skills, resulting in access to highly sophisticated systems, including secure government and defence networks.
One 16-year-old, purported ring-leader of the UK group Lapsus$, took down Microsoft. Another British teenager was arrested in 2019 after successfully hacking into Cloud accounts holding songs from some of the world’s best-known musical artists.
The rise of hacktivist campaign groups, such as Anonymous, is driven by social beliefs or political or religious affiliations. Their motivations are typically to target government agencies and to inflict damage or cause embarrassment rather than to steal data. They, too, may create disruption but impact businesses to a lesser extent.
Cyber attack groups that use the most sophisticated means of attack are generally believed to be state-sponsored. Black Basta is a Russian-speaking group and typically targets English-speaking countries in the “Five Eyes” defence community. Because of this, the group is believed to have an underlying political agenda. Capita is one of those organisations that support the fabric of British society heavily behind the scenes, as do many outsourced service providers and businesses that handle public information and process data on behalf of government bodies and agencies.
Who was behind this attack?
The difficulty in detection is that the distinction between nation-states and criminal groups is becoming increasingly blurred, making it harder to attribute cyber crime to specific groups. The NCA acknowledges that Russian language criminals operating ransomware as a service are responsible for the most high-profile cybercrime attacks experienced against the UK.
Black Basta (also known as ‘BlackBasta’) is a well-known ransomware group. Newly formed in 2022, they have rapidly become one of the most active known threat groups, attacking businesses in multiple countries such as the US, Japan, Canada, the UK, Australia and New Zealand. Being financially motivated, with the intent to gain as much money as they can, they use what’s known as a “double extortion technique.” This means that once they have infiltrated a company’s IT system and stolen high-quality data, they encrypt it so that it cannot be used by the company they have attacked and then threaten to publish or sell the data for a ransom of millions of pounds.
Black Basta claimed responsibility for this most recent attack and began advertising the data it had stolen from Capita’s IT system network. With a high level of sophistication in their attack methods and a reluctance to recruit or promote on Dark Web forums, many cyber attack watchers and analysts believe that Black Basta is either made up of members of another known criminal group or just a rebrand of the Russian-speaking group “Conti,” and could be linked to other Russian-speaking cyber threat groups. It appears that both groups use similar tactics and techniques.
How Do They Do It?
The details of Black Basta’s attack have not been made public. However, we can draw some conclusions. As with most cyber attacks, a compromise usually begins with human error. Typically, Black Basta gains initial access to systems through a phishing email, via a link embedded in a malicious document. Usually, this link arrives via email in a password-protected zip file.
Businesses must be aware that simple human errors, often through carelessness rather than maliciously, can result in catastrophic damage. For example, employees away on business connecting to unsecured Wi-Fi networks can make it easier for cyber attackers to access systems. Using the same password on multiple sites on both work and personal devices is another central area of vulnerability. Missing phishing emails while working in haste or lacking reinforcement training may have initiated this attack. IT Managers and CISOs need multiple layers of protection, such as training, awareness, and processes, to enable staff to safely perform regular operational duties to contain any potential threat. Insider threat is another vulnerability, and when an employee leaves under bad terms, there must be protections in place to prevent any unexpected breaches of company data, passwords, or critical processes.
In Capita’s case, staff initially reported that correct passwords were being rejected when they tried to log into its Microsoft Office 365 suite of applications. A vulnerability within Microsoft Active Directory, which holds details of every user account on the network, is believed to have been targeted so that users could neither log in nor change their passwords. Mass text messages were sent to Capita staff telling them not to log into corporate IT systems, but many of those messages still needed to be received.
What is the Active Directory Vulnerability 2023?
CVE-2023-21676 is a recently detected vulnerability in part of the Lightweight Directory Access Protocol (LDAP) system. Exploiting it enables attackers to execute code remotely on Windows Server installations and gain System privileges, the highest user access level in Windows. The vulnerability affects all currently supported versions of Windows servers and clients.
In June 2023, Microsoft announced that it had acted against this zero-day vulnerability and provided a security patch.
What Should Companies be Aware of?
It is critical to review all layers of process, training, and security protocols and ensure company-wide awareness of the risks of cyber attacks. In practical and immediate terms and to effectively reduce the risks associated with this specific vulnerability, IT security staff should immediately apply the Microsoft patch issued on April 11, 2023.
In addition, Thrive recommends the following security best practices to mitigate the threat significantly:
- Regularly assess IT systems to identify vulnerabilities and misconfigurations.
- Ensure you patch and upgrade operating systems, firmware and applications.
- Have a policy of multi-factor authentication (MFA) and phishing protection.
- Train staff with simulated attack scenarios and ensure that processes are in place to report to the internal cybersecurity team promptly.
Thrive can advise, audit, and suggest how your IT security policy and procedures shape up to acceptable risk standards.
Contact Thrive today to discuss how we can reduce your risk of a cyber attack.
Employee Spotlight: Matt Chabot, EVP of Technology
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is Matt Chabot, EVP of Technology. He oversees the technology that optimizes clients’ business application performance with Thrive’s NextGen Platform of Cloud, Security, Networking, and Business Continuity services powered by ServiceNow’s automation and self-service capabilities.
Matt lives in Andover, MA, with his family. In his spare time, you’ll find Matt exploring the outdoors, hiking and biking in the summer and snowboarding in the winter.
Hi Matt! Can you tell us about your background and how you came to Thrive?
I started in IT by joining the Boston College help desk during my Sophomore year and then started assembling and selling computers out of my dorm room a year later. After graduating, I began working full-time at Innovative Networks and, shortly thereafter, became a founding partner and eventual CTO of Tier1Net. Over the next 20 years, I helped build Tier1Net into one of the most well-respected MSPs in Boston. In 2019 Tier1Net was acquired by Thrive and now I have the pleasure of helping to build the most well-respected MSP in the world!
What do you most enjoy about working for Thrive?
Every day I learn something new from the talented and dedicated teammates I have at Thrive and truly love working with them to help scale Thrive’s processes to meet our rapid growth rate.
Any recent exciting projects at Thrive that you can tell us about?
I geek out over automation and was excited when we recently automated a critical step in Thrive’s process to onboard new customers into our Endpoint Security and Response service offerings.
Thrive Named Perimeter 81’s Top Q1 Partner of 2023
Perimeter 81, the rapidly-growing converged network security, Zero Trust Networking Access (ZTNA) and Secure Access Service Edge (SASE) leader, named Thrive its Top Q1 Partner for 2023.
Thrive received the award at Perimeter 81’s recent Summer Partner Kickoff.
Thrive partners with the industry’s best-of-breed channel and technology companies, including Perimeter 81, allowing us to build, deliver, and support NextGen managed services that our clients can rely on.
Perimeter 81’s robust and scalable Zero Trust security stack is part of Thrive’s deep and comprehensive portfolio of cybersecurity and NextGen managed services that protect clients in an increasingly dangerous cyber landscape with its reliability and resilience.
Thrive seeks partners that push the limits of security innovation and who help us continue to best serve our clients today and beyond.
We are thrilled to be recognized by Perimeter 81 for unlocking new opportunities and driving positive change throughout the IT channel.
Congratulations to all the fantastic partners who received their well-deserved awards for being the MVPs of the first half 2023. Click here to see a complete list of those recognized.
Massive Ransomware Attack Affecting Hundreds of Thousands of Consumers
Recent news of a massive cyber ransomware attack on a significant UK business has created one of the largest known impacts on UK businesses and consumers.
This attack by a notorious ransomware group on the major UK outsourcing company Capita continues to impact hundreds of thousands of people three to four weeks after being first reported.
This blog details the attack and its consequences and offers thoughts on how smaller businesses can prepare for these risks.
What happened?
In March, Capita publicly admitted that it had become another large organisation that was the victim of a targeted ransomware attack. Capita is a business that runs core services worth billions of pounds for government and high-profile private industry, including local councils, the NHS, the military, the BBC and pension funds. It operates the UK’s largest pension fund and private schemes for many large organisations. This cyber attack compromised Capita’s most profound IT systems and threatened the personal details of hundreds of thousands of pensioners whose data was stolen.
More than 90 large organisations have reported breaches of personal information from this attack. The victims include companies such as the Royal Mail and Axa, which have millions of policyholders, and the UK’s largest pension fund, the Universities Superannuation Scheme (USS). The USS alone has gone on record to publicly confirm that the cyber breach has affected over 470,000 individual policyholders, with serious data breaches of their names, birthdates, and National Insurance Numbers. This type of personal data breach can result in identity theft or at least enormous inconvenience and concern.
The nature of Capita’s business support structure means that by accessing Capita’s systems, hackers potentially could access many of their suppliers, business customers and individual consumers whose data is processed daily by the company. As the impact continued, The Pensions Regulator (TPR) advised over 300 of its pension funds of this potential data theft and then other pension schemes administered by Capita. This included hundreds of private sector pension schemes belonging to employees of Marks and Spencer, Diageo, Unilever and Rothesay, who had to step in and take preventive and emergency action in warning their members that their data was likely to have been stolen.
Rumour of a £15million ransom
After being made aware of the attack, Capita decided that the best course of action was to pay the hackers a ransom fee to protect the data, which the company needs daily access to so they could carry out business.
Creating a responsible business repatriation plan must have been a significant risk for the business, whose core business is the processing of other companies’ personal and private data relating to individuals. This took longer than hoped with many people feeling angry that there was a lack of speed and transparency. Capita did not publicly acknowledge the extent of the attack until April, having initially denied that any customer data had been compromised. The magnitude of the impact caused the Times to call Capita’s response a “crisis.” The CEO of Capita, Jon Lewis, then confirmed it was “a sophisticated cyber attack.”
Who was behind this?
Responsibility for the attack was publicly claimed by a known cyber threat group called Black Basta, who started to sell Capita’s data via the dark web. This included the bank account details of 152 businesses, scanned images of passports, application forms from individuals for teaching positions and security vetting data. By proving they had this type of data, Black Basta clarified how much valuable information they had managed to steal. Other data allegedly listed for sale included a Capita Nuclear document, the internal drawings of building floor plans and documents marked confidential.
This data implies that the cyber attack had penetrated deep into Capita’s internal IT systems. With customers that include the NHS and the Department for Work & Pensions, the data breach will likely have included highly sensitive data that would greatly benefit criminals.
Black Basta/ BlackBasta
These cybercriminals are a known ransomware group that has only been around since 2022 but has rapidly become one of the most active threat groups, targeting 19 large businesses with over 100 confirmed victims. Targeting companies in multiple countries, but typically in the US, Japan, Canada, UK, Australia, and New Zealand, they use a double extortion technique. This means that once they have stolen the data, they encrypt it before threatening to publish or sell the data for a ransom of millions of pounds.
The implications of the Capita cyber attack highlight the urgency for organisations to prioritise robust cybersecurity practices to safeguard sensitive information and mitigate the damaging consequences of data breaches.
Businesses holding personal data, mainly where they conduct processing on behalf of their clients, must have a clear cyber assurance strategy. Planning and rehearsing against such attacks in real-life simulated cyber attack training, using real-world examples and multimedia inputs to create a real sense of urgency, is something that businesses in the critical national infrastructure have been doing for years.
It is now time for small to medium businesses to take the risks of cyber attacks seriously and to plan and protect against them. Thrive can help design, plan, rehearse, and test your cyber attack strategy and make sure that your staff are put to the test, so that they are as prepared as possible for a cyber attack that might look insidious on the surface but could have a material, significant impact on your business.
Talk to Thrive. We are a trusted cybersecurity expert and an accredited Managed Service Provider and can offer your business the Next Generation of Managed Services.
Contact Thrive today to learn how we can help your business stay secure in today’s digital age.
Thrive Expands into Texas with IT Freedom
Thrive, a premier provider of Cybersecurity, Cloud and Digital Transformation Managed Services, announced today the acquisition of IT Freedom, a technology managed services provider based in Austin, Texas. The acquisition extends Thrive’s NextGen Managed Security & Services Platform into Texas and will enable IT Freedom’s clients to securely accelerate their Digital Transformation journey to the Cloud.
Big MSP Acquisitions: Thrive Heads South, Fulcrum Goes North
Thrive has been seeking companies in Texas to build out its presence in the southern part of the country after it bought MSPs in Florida a few years ago, said Rob Stephenson, CEO of Foxborough, Massachusetts-based Thrive, which has about 29 offices across the U.S., as well as in Singapore; Sydney; the Philippines; and the U.K.
Five Reasons SLED Organizations Need a Disaster Recovery Plan
Your state, local, or educational (SLED) organization may be operating on borrowed time if you don’t have a business continuity and disaster recovery plan in place. Natural catastrophes have never been more threatening than they are right now. According to the US National Oceanic and Atmospheric Administration (NOAA), 20 separate weather and climate events caused at least $1 billion in damage in 2021.
At Thrive, we understand you require an IT infrastructure that is strong, secure, and resilient. That’s why our solutions provide customers with several advantages, including safe, dependable business continuity and data recovery.
A disaster recovery plan (DRP), in its simplest form, is a collection of guidelines, tools, and processes designed to change how critical technological systems and infrastructure are restored or maintained following a natural or man-made disaster.
The terms disaster recovery planning (DRP) and business continuity planning (BCP) are frequently used interchangeably.
Disaster recovery plans focus on the steps that must be taken before, during, and after a loss. In contrast, BCP is the preventive process set up before managing a disaster.
Unplanned downtime examples include:
- Cyberattacks
- Hardware failure
- Software failure
- Power outages
- Data corruption
- External security breaches
- User error
At Thrive, we keep your infrastructure operational.
The following are five advantages Thrive can provide for your BCP:
- Minimal Data Loss, Fast Recovery. For protection against incidents that could completely disrupt regular business operations, Thrive offers NextGen IT business continuity solutions that minimize data loss and offer quick, automated recovery of essential systems. Thrive’s Cloud-based Enterprise-class business continuity solutions are ideal for organizations of any size. They are tested and proven DR solutions to meet demanding recovery objectives.
- Priority Restoration Approach. An essential part of an effective business continuity plan is identifying your company’s mission-critical deliverables, prioritizing restoration, and conducting a proactive risk assessment to determine key risk factors that can disrupt processes. To guarantee that the response tactics and data security techniques stay relevant, Thrive’s disaster recovery plan, which includes a BCP framework, is most successful when updated and tested regularly.
- Cost Savings. Developing and executing a DR plan is often limited due to budget, technology, resources, or the availability of skilled professionals onsite. That’s where Thrive comes in. Our Disaster Recovery-as-a-Service (DRaaS) offering is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third-party cloud computing environment. This makes it possible to regain access and functionality to IT infrastructure after a disaster.
- Rapid Deployment. Thrive’s Disaster Recovery-as-a-Service (DRaaS) provides virtually no data loss and costs less than increasing the recovery speed of the current provider. The Thrive team can virtualize physical web servers and set up shadow servers in a Virtual Private Cloud.
- Monitoring 24x7x365. Thrive offers complete access to our Network Operations Centers (NOCs), which are staffed by senior technicians and disaster recovery experts and accessible 24x7x365 to implement your DRaaS plan in the event of a disaster or an emergency. Our specialized monitoring and alerting procedures safeguard your vital systems and data.
Thrive’s business continuity and disaster recovery (BCDR) solutions assist our clients in being prepared for the worst.
Contact our team today to learn more.
Employee Spotlight: David Minkoff, EVP of Corporate Operations
Welcome back to another installment of our “Thrive Spotlight” blog series.
Our featured employee is David Minkoff, Executive Vice President of Corporate Operations. David oversees Thrive’s centralized services that help support clients 24×7.
David calls Bucks County, Pennsylvania, home. He’s an avid Philly sports fan and rarely misses a game! In his spare time, he enjoys spending time with his wife of 24 years, his 21-year-old son, and three dogs.
Hi David! Can you tell us about your background and how you came to Thrive?
I’ve been working in IT since the mid-’90s, starting off doing technical work for a few years before moving into management. I have been working in the MSP space since 2008 where I have been ever since.
In a previous company, I worked with some of the Thrive leadership team and other employees, so I was familiar with Thrive before joining the company in January 2022. When I received a call to work at Thrive, I jumped at the opportunity to work with this amazing team again.
What do you most enjoy about working for Thrive?
That’s an easy one, everyone at Thrive! There are no egos, and everyone has the same goal, to do what’s best for our employees and clients. Everyone is willing to roll up their sleeves and help when needed, which is why we have the best clients, many of them long-term.
Any recent exciting projects at Thrive that you can tell us about?
One of the highlights throughout my career has been the ability to help and support bringing in entry-level IT employees and allowing them to grow and advance their careers within the company. So recently, when Thrive announced that they wanted to launch an Apprentice Program, I was excited to be part of this project.
In this program, Thrive works with colleges in the areas near our offices to bring in full-time apprentices for entry-level jobs in technology. The apprentices work onsite with Thrive mentors for training, support, and certification guidance to help them reach their career goals.