Content, Enterprise, Networking

Maze Ransomware Attacks Cognizant Customer Networks

Share

Cognizant's corporate network has suffered a security incident, and Maze ransomware attacks have now infected some of the IT consulting firm's customers.

Update - April 23, 2020: The ransomware attack may impact Cognizant's revenues and financial results, MSSP Alert reports.

In a prepared statement about the security incident, Cognizant on April 18 said:

"Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident.  Cognizant has also engaged with the appropriate law enforcement authorities.

We are in ongoing communication with our clients and have provided them with Indicators of Compromise (IOCs) and other technical information of a defensive nature. "

Cognizant did not disclose how many customer systems were hit in the attack.

Cognizant is a global systems integrator (SI), managed IT services provider (MSP) and custom software developer. The company has massive global reach. For its fourth quarter of 2019, quarterly revenue was $4.3 billion, up 3.8% the fourth quarter of 2018.

Ransomware Attacks Repeatedly Target MSPs, IT Consulting Firms

Alas, MSPs remain prime targets for ransomware attacks. Examples include:

How to Protect MSPs From Ransomware

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To safeguard against such attacks, ChannelE2E recommends the following MSP steps:

1. Embrace Multi-Factor Authentication: Activate two-factor/multi-factor authentication (2FA/MFA) on all systems — including MSP software platforms, administrator systems and end-user systems where ever possible. Longer-term: Check in with all of your vendors to understand the current state of their 2FA / MFA strategies, upcoming enhancements and multi-vendor relationships.

2. Configure BDR and Security System Alerts: Check in with security and business continuity platform suppliers. Learn how to properly configure BDR and security systems so that administrators receive alerts whenever system settings are changed or adjusted. Longer-term: Potentially explore third-party 2FA/MFA platforms that can assist this effort. Strive to ensure that BDR and security setting updates/changes require an approved MSP administrator who has 2FA/MFA access.

3. Embrace an MSP Documentation Platform to document your data protection and cybersecurity processes, disaster recovery plans, etc.

4. Stay Informed: Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.

5. Build Your Long-term Plan: Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.

6. Boost MSP Employee and End-user Awareness: Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.

7. Integrate Wisely: Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.

8. Partner With MSSPs: All MSPs need to get more serious about managed security services. But it’s unwise to suggest that all MSPs will transform into full-blown MSSPs. As an MSP, decide which pieces of the risk mitigation puzzle you can truly manage, then partner up with a true MSSP to fill your gaps. (RelatedTop 200 MSSPs, from MSSP Alert.)

9. Refocus Your Travels: As face-to-face conferences get canceled amid the coronavirus pandemic, explore virtual alternatives to continue your cyber education.

10. Additional Suggestions: If you are aware of such attacks and have best practices for risk mitigation and recovery, email me: [email protected].

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.