Author Archives: Megan Carnes

Employee Spotlight: Kevin Cott, Client Business Executive

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Kevin Cott, Client Business Executive – Europe. Kevin focuses on delivering world-class IT strategies to potential clients.

Kevin grew up in Ireland but now calls the West Midlands in the UK home. He enjoys going on holiday, visiting Ireland or exploring European cuisine in his free time.

Hi Kevin! Can you tell us about your background and how you came to Thrive?

I studied Economics and Finance at the University of Limerick. Since 2010, I’ve worked in the IT reseller and Managed Services industries working with clients to leverage value from their investments in technology. I joined Thrive in March 2022, and while I wasn’t actively looking for a new role, I couldn’t turn down the opportunity to join such a great organization.

What do you most enjoy about working for Thrive?

There’s a couple of key things for me. Firstly, the goal is clear from the organization’s top to the bottom. Every single person knows what we do and how we do it. Secondly, the caliber of the people that I get to work with. Thrive has built an amazingly talented team, making my role more straightforward as a client-facing sales team member.

Any recent exciting projects at Thrive that you can tell us about?

There’s so much going on it’s hard to choose. From a client perspective, our ability to enable them to cope with changing technology and cyber landscape is unmatched. I’ve seen firsthand how we are significantly moving the needle regarding their ability to cope with increasing workforce demands while securing their most important technology assets. From a Thrive perspective, I find our expansion into Europe fascinating.

 

Are you interested in learning more about Thrive? Click here!

And don’t forget to follow us on Twitter and LinkedIn for the latest news and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…

Employee Spotlight: Kirsten Mills, Service Delivery Manager

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Kirsten Mills, Service Delivery Manager for the Southeast Region.

Kirsten is always on the go and also enjoys spending quiet weekends with her family at home in Pelham, Alabama.

Hi Kirsten! Can you tell us about your background and how you came to Thrive?

I joined Thrive in January 2022 as part of the InCare Technologies acquisition. I handled labor and agreement invoicing, vendor audits, AR and collections. I worked closely with managed services engineers/managers and other InCare teams on audits and invoicing.

Working with various departments, especially engineering, and having a great CFO, Michele Boner, who supported and pushed me to be creative and outspoken, helped me learn about our products, customers, and the company.

In July 2022, Chae York (RVP of Service Delivery for the Southeast) asked me if I would be interested in moving to a Service Delivery Manager role. I accepted and have loved every minute of my new position, and my accounting skills have proven invaluable in my new work environment.

What do you most enjoy about working for Thrive?

I like my colleagues and the fast-paced service desk, and I learn something new every day. Every team/department I have interacted with at Thrive inspires me and is always helpful and willing to listen.

Working at Thrive, I feel valued, heard and supported. The company does a beautiful job listening to employees and supporting creative thinking.

 


Unmasking Cyber Threats: Exploring the Dark Realities of the Capita Ransomware Attack

Our recent blog documented the enormous impact of a cyber ransomware attack on Capita, which has continued to affect the data and violate the privacy of thousands of UK consumers and businesses handling secure and sensitive information. The attack has been cited as one of the most significant known impacts on UK businesses and consumers. In this blog, we’ll look in more depth at the criminals behind it. We’ll also offer insight into how this happened and what small to medium businesses can do to protect themselves from this kind of event.

Questionable Motivations

Those responsible for oversight of the UK’s cyberspace, such as the National Crime Agency (NCA), are reporting the rise of cyber attacks targeted at businesses rather than individuals. And the impact is getting more severe. Cyber attackers are no longer just “lone wolves” but have joined with others to form groups with differing motivations and ideologies.

The original lone hacker, typified by the teenager in the bedroom, sees attacking businesses and governments as a game and challenges themselves to increasingly develop extreme skills, resulting in access to highly sophisticated systems, including secure government and defence networks.

One 16-year-old, purported ring-leader of the UK group Lapsus$, took down Microsoft. Another British teenager was arrested in 2019 after successfully hacking into Cloud accounts holding songs from some of the world’s best-known musical artists.

The rise of hacktivist campaign groups, such as Anonymous, is driven by social beliefs or political or religious affiliations. Their motivations are typically to target government agencies and to inflict damage or cause embarrassment rather than to steal data. They, too, may create disruption but impact businesses to a lesser extent.

Cyber attack groups that use the most sophisticated means of attack are generally believed to be state-sponsored. Black Basta is a Russian-speaking group and typically targets English-speaking countries in the “Five Eyes” defence community. Because of this, the group is believed to have an underlying political agenda. Capita is one of those organisations that support the fabric of British society heavily behind the scenes, as do many outsourced service providers and businesses that handle public information and process data on behalf of government bodies and agencies.

Who was behind this attack?

The difficulty in detection is that the distinction between nation-states and criminal groups is becoming increasingly blurred, making it harder to attribute cyber crime to specific groups. The NCA acknowledges that Russian language criminals operating ransomware as a service are responsible for the most high-profile cybercrime attacks experienced against the UK.

Black Basta (also known as ‘BlackBasta’) is a well-known ransomware group. Newly formed in 2022, they have rapidly become one of the most active known threat groups, attacking businesses in multiple countries such as the US, Japan, Canada, the UK, Australia and New Zealand. Being financially motivated, with the intent to gain as much money as they can, they use what’s known as a “double extortion technique.” This means that once they have infiltrated a company’s IT system and stolen high-quality data, they encrypt it so that it cannot be used by the company they have attacked and then threaten to publish or sell the data for a ransom of millions of pounds.

Black Basta claimed responsibility for this most recent attack and began advertising the data it had stolen from Capita’s IT system network. With a high level of sophistication in their attack methods and a reluctance to recruit or promote on Dark Web forums, many cyber attack watchers and analysts believe that Black Basta is either made up of members of another known criminal group or just a rebrand of the Russian-speaking group “Conti,” and could be linked to other Russian-speaking cyber threat groups. It appears that both groups use similar tactics and techniques.

How Do They Do It?

The details of Black Basta’s attack have not been made public. However, we can draw some conclusions. As with most cyber attacks, the compromise usually begins with human error. Typically, through a phishing email, Black Basta will gain initial systems access via a link embedded in a malicious document. Usually, this link arrives via email in a password-protected zip file.

Businesses must be aware that simple human errors, often made through carelessness rather than malice, can result in catastrophic damage. For example, employees away on business connecting to unsecured Wi-Fi networks can make it easier for cyber attackers to access systems. Using the same password on multiple sites on both work and personal devices is another central area of vulnerability. Missing phishing emails while working in haste or lacking reinforcement training may have initiated this attack. IT Managers and CISOs need multiple layers of protection, such as training, awareness, and processes, to enable staff to safely perform regular operational duties and to contain any potential threat. Insider threat is another vulnerability, and when an employee leaves on bad terms, there must be protections in place to prevent any unexpected breaches of company data, passwords, or critical processes.

In Capita’s case, staff initially reported that correct passwords were being rejected when they tried to log into its Microsoft Office 365 suite of applications. A vulnerability within Microsoft Active Directory, which holds details of every user account on the network, is believed to have been targeted so that users could neither log in nor change their passwords. Mass text messages were sent to Capita staff telling them not to log into corporate IT systems, but many of those messages had yet to be received.

What is the Active Directory Vulnerability 2023?

CVE-2023-21676 is a recently detected vulnerability in part of the Lightweight Directory Access Protocol (LDAP) system. It enables attackers to execute code remotely on Windows Server installations and gain System privileges, the highest user access level in Windows. The vulnerability affects all currently supported versions of Windows servers and clients.

In June 2023, Microsoft announced that it had acted against this zero-day vulnerability and provided a security patch.

What Should Companies be Aware of?

It is critical to review all layers of process, training, and security protocols and ensure company-wide awareness of the risks of cyber attacks. In practical and immediate terms and to effectively reduce the risks associated with this specific vulnerability, IT security staff should immediately apply the Microsoft patch issued on April 11, 2023.

In addition, Thrive recommends the following security best practices to mitigate the threat significantly:

  1. Regularly assess IT systems to identify vulnerabilities and misconfigurations.
  2. Ensure you patch and upgrade operating systems, firmware and applications.
  3. Have a policy of multi-factor authentication (MFA) and phishing protection.
  4. Train staff with simulated attack scenarios and ensure that processes are in place to report to the internal cybersecurity team promptly.

Thrive can advise, audit, and suggest how your IT security policy and procedures shape up to acceptable risk standards.

 

Contact Thrive today to discuss how we can reduce your risk of a cyber attack.

Employee Spotlight: Matt Chabot, EVP of Technology

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Matt Chabot, EVP of Technology. He oversees the technology that optimizes clients’ business application performance with Thrive’s NextGen Platform of Cloud, Security, Networking, and Business Continuity services powered by ServiceNow’s automation and self-service capabilities.

Matt lives in Andover, MA, with his family. In his spare time, you’ll find Matt exploring the outdoors, hiking and biking in the summer and snowboarding in the winter.

Hi Matt! Can you tell us about your background and how you came to Thrive?

I started in IT by joining the Boston College help desk during my sophomore year and then started assembling and selling computers out of my dorm room a year later. After graduating, I began working full-time at Innovative Networks and, shortly thereafter, became a founding partner and eventual CTO of Tier1Net. Over the next 20 years, I helped build Tier1Net into one of the most well-respected MSPs in Boston. In 2019, Tier1Net was acquired by Thrive, and now I have the pleasure of helping to build the most well-respected MSP in the world!

What do you most enjoy about working for Thrive?

Every day I learn something new from the talented and dedicated teammates I have at Thrive and truly love working with them to help scale Thrive’s processes to meet our rapid growth rate.

Any recent exciting projects at Thrive that you can tell us about?

I geek out over automation and was excited when we recently automated a critical step in Thrive’s process to onboard new customers into our Endpoint Security and Response service offerings.

 


A growing construction company scales and automates its IT infrastructure with Thrive
CHALLENGE

The company, one of the largest construction companies in the U.S., has gone through significant growth and needed a provider that could help it scale and automate the onboarding and offboarding process of adding and removing employees.

SOLUTION

The construction company evaluated providers of all sizes, and Thrive stood out due to the ability to scale and drive automation with a comprehensive IT strategy. Thrive’s team of experts successfully built ServiceNow automation to assist the construction company with aggressive growth requirements. Thrive’s Cloud-based client portal, powered by ServiceNow, provides a real-time view of its network and can create, route, and close IT support requests directly through the platform. In addition, Thrive implemented ThriveCloud, which powers an Enterprise-class Cloud infrastructure with optimal performance, security and efficiency. Disaster Recovery, Managed Backup, a Microsoft strategy and Thrive Helpdesk were also deployed.

RESULT

As a result of the Thrive partnership, the construction company now has a custom, robust platform that allows it to scale business in any market with automation and confidence in cost control.

How can Thrive help your business?

Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.

To learn more about our services, CONTACT US

Thrive Named Perimeter 81’s Top Q1 Partner of 2023

Perimeter 81, the rapidly-growing converged network security, Zero Trust Networking Access (ZTNA) and Secure Access Service Edge (SASE) leader, named Thrive its Top Q1 Partner for 2023.

Thrive received the award at Perimeter 81’s recent Summer Partner Kickoff.

Thrive partners with the industry’s best-of-breed channel and technology companies, including Perimeter 81, allowing us to build, deliver, and support NextGen managed services that our clients can rely on.

Perimeter 81’s robust and scalable Zero Trust security stack is part of Thrive’s deep and comprehensive portfolio of cybersecurity and NextGen managed services that protect clients in an increasingly dangerous cyber landscape with its reliability and resilience.

Thrive seeks partners that push the limits of security innovation and who help us continue to best serve our clients today and beyond.

We are thrilled to be recognized by Perimeter 81 for unlocking new opportunities and driving positive change throughout the IT channel.

Congratulations to all the fantastic partners who received their well-deserved awards for being the MVPs of the first half of 2023. Click here to see a complete list of those recognized.

Massive Ransomware Attack Affecting Hundreds of Thousands of Consumers

Recent news of a massive cyber ransomware attack on a significant UK business has created one of the largest known impacts on UK businesses and consumers.

This attack by a notorious ransomware group on the major UK outsourcing company Capita continues to impact hundreds of thousands of people three to four weeks after being first reported.

This blog details the attack and its consequences and offers thoughts on how smaller businesses can prepare for these risks.

What happened?

In March, Capita publicly admitted that it had become another large organisation that was the victim of a targeted ransomware attack. Capita is a business that runs core services worth billions of pounds for government and high-profile private industry, including local councils, the NHS, the military, the BBC and pension funds. It operates the UK’s largest pension fund and private schemes for many large organisations. This cyber attack compromised Capita’s most profound IT systems and threatened the personal details of hundreds of thousands of pensioners whose data was stolen.

More than 90 large organisations have reported breaches of personal information from this attack. The victims include companies such as the Royal Mail and Axa, which have millions of policyholders, and the UK’s largest pension fund, the Universities Superannuation Scheme (USS). The USS alone has gone on record to publicly confirm that the cyber breach has affected over 470,000 individual policyholders, with serious data breaches of their names, birthdates, and National Insurance Numbers. This type of personal data breach can result in identity theft or at least enormous inconvenience and concern.

The nature of Capita’s business support structure means that by accessing Capita’s systems, hackers potentially could access many of their suppliers, business customers and individual consumers whose data is processed daily by the company. As the impact continued, The Pensions Regulator (TPR) advised over 300 of its pension funds of this potential data theft and then other pension schemes administered by Capita. This included hundreds of private sector pension schemes belonging to employees of Marks and Spencer, Diageo, Unilever and Rothesay, who had to step in and take preventive and emergency action in warning their members that their data was likely to have been stolen.

Rumour of a £15 million ransom

After being made aware of the attack, Capita decided that the best course of action was to pay the hackers a ransom fee to protect the data, which the company needs daily access to so they could carry out business.

Creating a responsible business repatriation plan must have been a significant risk for the business, whose core business is the processing of other companies’ personal and private data relating to individuals. This took longer than hoped with many people feeling angry that there was a lack of speed and transparency. Capita did not publicly acknowledge the extent of the attack until April, having initially denied that any customer data had been compromised. The magnitude of the impact caused the Times to call Capita’s response a “crisis.” The CEO of Capita, Jon Lewis, then confirmed it was “a sophisticated cyber attack.”

Who was behind this?

Responsibility for the attack was publicly claimed by a known cyber threat group called Black Basta, who started to sell Capita’s data via the dark web. This included the bank account details of 152 businesses, scanned images of passports, application forms from individuals for teaching positions and security vetting data. By proving they had this type of data, Black Basta clarified how much valuable information they had managed to steal. Other data allegedly listed for sale included a Capita Nuclear document, the internal drawings of building floor plans and documents marked confidential.

This data implies that the cyber attack had penetrated deep into Capita’s internal IT systems. With customers that include the NHS and the Department for Work & Pensions, the data breach will likely have included highly sensitive data that would greatly benefit criminals.

Black Basta / BlackBasta

These cybercriminals are a known ransomware group that has only been around since 2022 but has rapidly become one of the most active threat groups, targeting 19 large businesses with over 100 confirmed victims. Targeting companies in multiple countries, but typically in the US, Japan, Canada, UK, Australia, and New Zealand, they use a double extortion technique. This means that once they have stolen data, they encrypt it before threatening to publish or sell the data for a ransom of millions of pounds.

The implications of the Capita cyber attack highlight the urgency for organisations to prioritise robust cybersecurity practices to safeguard sensitive information and mitigate the damaging consequences of data breaches.

Businesses holding personal data, mainly where they conduct processing on behalf of their clients, must have a clear cyber assurance strategy. Planning and rehearsing against such attacks in real-life simulated cyber attack training, using real-world examples and multimedia inputs to create a real sense of urgency, is something that businesses in the critical national infrastructure have been doing for years.

It is now time for small to medium businesses to take the risks of cyber attacks seriously and to plan and protect against them. Thrive can help design, plan, rehearse, and test your cyber attack strategy and make sure that your staff are put to the test, so that they are as prepared as possible for a cyber attack that might look insidious on the surface but could have a material, significant impact on your business.

Talk to Thrive. We are a trusted cybersecurity expert and an accredited Managed Service Provider and can offer your business the Next Generation of Managed Services.

 

Contact Thrive today to learn how we can help your business stay secure in today’s digital age.

Employee Spotlight: Samuel Fieldhouse, Security Engineer

Welcome back to another installment of our “Thrive Spotlight” blog series.

Our featured employee is Samuel Fieldhouse, Security Engineer.

Previously living in the United Kingdom, Sam now calls Calgary, Canada, home. In his spare time, Samuel dabbles in side projects that better help him learn the tools Thrive currently uses and develop solutions to implement in the workplace. He’s currently developing a security-focused Micro-SaaS web application using Django and React. He enjoys rebuilding his F800S BMW motorcycle from the ground up when he’s not in front of a keyboard.

Hi Samuel! Can you tell us about your background and how you came to Thrive?

I joined Thrive in early 2022 through an advertisement from the UK acquisition of ONI. At the time, I worked as IT support for a mid-sized clothing company and then a small fishing company. I assisted in their e-commerce business, including writing websites, launching and managing a warehousing system and general IT. While my previous positions offered minimal focus on cybersecurity, the security team at Thrive was happy to take on someone passionate and educated in cybersecurity and provide them with the training and experience needed to succeed.

What do you most enjoy about working for Thrive?

The atmosphere at Thrive is second to none. My team is amazing and always focused on learning new things and helping each other. The culture at Thrive supports those who want to research and implement something new, or if someone is more knowledgeable about a topic, they’re always happy to share that information with the rest of the team.

Any recent exciting projects at Thrive that you can tell us about?

The newest project for the security team involves a new tool, FortiSOAR. This Security Orchestration Automation and Response tool will allow us to collate and use the information we receive as a security operations center to respond to any security threats effectively and efficiently. A crucial part of my new role with the Security Engineering team is to develop within the SOAR and use its powerful automation to take away the mundane and repetitive tasks in an analyst’s day, allowing them to focus more on the things that matter.

 


Thrive Expands into Texas with IT Freedom

Thrive, a premier provider of Cybersecurity, Cloud and Digital Transformation Managed Services, announced today the acquisition of IT Freedom, a technology managed services provider based in Austin, Texas. The acquisition extends Thrive’s NextGen Managed Security & Services Platform into Texas and will enable IT Freedom’s clients to securely accelerate their Digital Transformation journey to the Cloud.