Ransomware, XDR, Governance, Risk and Compliance, MSP

Security Update: ‘Black Basta’ Ransomware Group Targets MSFT Teams

Microsoft teams logo on a smartphone
  • SecureCyber Teams with FS-ISAC to Pull in Financial Services Threat Data
  • Black Basta Group Using QR Codes in MSFT Teams Chats for Initial Access
  • N-able, Others Helping MSPs, MSSPs Comply with CMMC 2.0

Each week ChannelE2E takes a trip over to our affiliate site MSSP Alert to bring you the news headlines around cybersecurity that matter to your MSP or other channel business.

Cybersecurity has become a key component of managed services businesses, and one could argue all channel businesses, regardless of the business model. More MSPs are leading their sales conversations with discussions of cybersecurity.

Cybersecurity services sales continue to be a bright spot in Canalys' analysis of channel business over the last year, even as hardware sales and other sales have slowed. Here's your roundup of key cybersecurity news for you this week.

SecureCyber Teams With FS-ISAC to Pull in Financial Services Threat Data

MSSP SecureCyber is bolstering the security services it delivers to financial organizations by integrating its managed extended detection and response (MXDR) platform with the Financial Services Information Sharing and Analysis Center (FS-ISAC).

The FS-ISAC is a not-for-profit financial industry consortium that includes a threat intelligence platform and a real-time network for sharing that intelligence to drive cybersecurity and resilience in the worldwide financial system.

Integrating with the FS-ISAC will give SecureCyber access to that information to feed it into its MXDR to better protect its financial services clients, according to Shawn Waldman, founder and CEO of the 15-year-old MSSP and one of MSSP Alert’s MSSP 250 companies.

“This is very specific intelligence based on assets connected to the financial industry,” Waldman told MSSP Alert. “We no longer have to manually input or hunt down threats that are specific to this industry. Now we are directly connected to FS-ISAC and using their real-time intelligence combined with our proprietary automation and playbooks.”

Read the complete story here.

Black Basta Group Using QR Codes in MSFT Teams Chats for Initial Access

High-profile ransomware group Black Basta is turning to malicious QR codes in Microsoft Teams chat messages to gain initial access to a victim’s system, embracing what is becoming an increasingly popular social engineering tool used by threat actors.

Black Basta, which came on the scene in 2022 and also operates as a ransomware-as-a-service (RaaS) enterprise, previously overwhelmed users with spam emails, which led them to create a legitimate help-desk ticket asking to fix the issue. The bad actor – posing as the help desk – would then contact the end user about the ticket and work their way into the system.

However, recent incidents revealed that the attackers have started to use Microsoft Teams. Microsoft has the largest channel partner community in the world with MSPs and MSSPs providing assistance with Office 365 including Teams and with security tools such as Microsoft Defender. The Microsoft Teams chat messages have been used by the threat group to communicate with their targets including QR codes for initial access, according to cybersecurity firm ReliaQuest’s threat research team.

“The underlying motivation is likely to lay the groundwork for follow-up social engineering techniques, convince users to download remote monitoring and management (RMM) tools, and gain initial access to the targeted environment,” team members wrote in a report. “Ultimately, the attackers’ end goal in these incidents is almost certainly the deployment of ransomware.”

Read the rest of the story here.

N-able, Others Helping MSPs, MSSPs Comply with CMMC 2.0

N-able is the latest company looking to give MSPs the tools they need to comply with evolving cybersecurity frameworks, including the recently released Cybersecurity Maturity Model Certification (CMMC) 2.0 from the federal government.

The Burlington, Massachusetts, company is launching a number of compliance initiatives and resources aimed at ensuring that MSPs, MSSPs, and other service providers can fall in line not only with security frameworks in the United States but also those in other parts of the world.

CMMC 2.0 has been in the works for several years, with the final version being released earlier this month. It comes with a more streamlined tiering, with three levels rather than five, allows for some extent of self-assessments at Levels 1 and 2, and aligns with NIST SP 800-171 for Levels 1 and 2 and NIST SP 800-172 for Level 3. 

There are other changes from CMMC 1.0 in such areas as notification requirements and milestones.

Read the rest of the story here.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

You can skip this ad in 5 seconds