So this discussion comes up every now and then in different forums, of "I hate the tooling company for my managed service provider." And I'm talking specifically to other IT companies that always ask the question like, "Hey, what stack are you using?" etc., etc. But then they see an attack, and I've covered this a couple times. I've covered attacks where the tooling of the MSPs was used against their clients. Basically, the managed service provider, the IT company, did not practice good security at all, therefore ends up getting hacked, and therefore, by extension, that was the pivot by which the attacker was able to gain access to the data of all of the clients that that particular service provider supports.

We did a great webinar on this. I'll find it and drop a link below. I mean, you can easily find a lot of information on this, but it's not the tooling companies that is the problem. It's not Kaseya. It's not ConnectWise. It's not SolarWinds that's the problem here. They all offer tools that have good security. We know they have other issues, and that's not what I'm here to discuss. We're specifically here to talk about security, and properly configuring those and locking them down is good security. But as we know, and as I've seen over and over in my industry as an IT provider and managed service provider myself, many of these companies just are really bad at doing any real work when it comes to updates and security hygiene. They are just leaving things hanging out, and I did a quick search again. I've talked about this before, but this is where the problem lies.

It is not the fault of the tooling companies, and trust me, these tooling companies, my only fault I have with any of them is that they let these users set up things without 2FA. They allow them to have insecure passwords. It's almost like, and I think the assumption is, they assumed their audience was smarter than it was. I'm sorry, but I feel this would happen over at ConnectWise with ScreenConnect. They thought people would just do the right thing, and then ConnectWise has learned, because their name got dragged into this a couple times. And they're not the ones directly at fault because of a security flaw, but because they allowed users to use weak passwords, and then they did. And I see users, I mean IT companies, and that's how they got, you know, taken over and their clients taken over.

Some of the share or something real quick. This took me no time to find, and this was a search over in Shodan. And I'm screenshotting and blurring because this IT company offers all kinds of managed cyber security, blah blah blah. They have a really nice website. That's all I'm gonna say. Everything that you want to see in an IT company. They're running Server 2008. I blurred out their name. They have remote desktop exposed. They have CW admin. That's the ConnectWise admin, and undoubtedly they're using RDP for convenience to log into their ConnectWise Control server or a ConnectWise server to do administration work.

Let's go further. They're running an old version of IIS. And I've once again blurred out some of their information here, grabbed as a screenshot. Here's just some of the CVEs that Shodan listed with them, because it's such an old version of IIS. Once again, no patching, no updates, running an old version. And this is like just a screenshot when I started digging just a little. As a matter of fact, the delay in getting this video was almost like the face-palming I do by just using Shodan and finding how many people have RDP with their ConnectWise credentials exposed. You can, like, the ConnectWise admin user, ready for a password. And then all they have to do is, oh look, we can figure out the name of the IT company. And then they usually send them some type of phishing email, and if they're this bad at security on this side of it, I'm willing to bet a phishing email would work great to get them to log into something. They probably use the same password everywhere.

And that is the debrief on this. So I've actually talked to more than one, several breach teams who have done remediation. I've spent some time with other, you know, people who work in cybersecurity, and they are jaded a little bit, because they're just like, "I'm so disappointed." Like they said, "Every time we think it's gonna be some clever attack that we sort out, we're like, 'Oh, use the same password for everything?' Like, everywhere. Like, 'Well, no password, no two-factor anywhere, right?' 'Nope.' 'The same password for every account?' 'Yep.' 'You use single sign-on?' 'Yep.' 'Okay, well, we know how they hacked you. They sent you an email, you clicked on this email, you gave them the password, and use the same password no matter where they go. So then they took over everything.'"

And the investigations on all these MSPs, and there's been a ton of them hacked, not just the couple that I covered. I talked to one particular person that, I think they're at 43 MSPs that have been hacked that they have done the breach remediation and been involved at some level in. That's a big number for a small company that does that. It's just ramping up. But what my point is, it's not the tooling. It's about the patching. It's about making sure that the systems are done right and you have good security hygiene.

I'm really happy because we've helped a couple companies, helped them. We use ScreenConnect, so people know us for that, and I've helped some of these MSPs update their ScreenConnect servers and things like that. And I did like the, you know, the guy was going, "Hey, don't judge me. I haven't updated in a while." I'm glad nothing seemed wrong when we got in there. But yeah, "a while" was like four or five years. He had not updated. He installed it and bought it and never updated again. He's like, "I feel like, you know, I may have some security issues."
I'm like, "You may. You may certainly have some. You haven't updated anything, and there's a long list of problems." And, you know, have the humility to reach out if you don't know how to update these servers. You're not sure how to configure them, the person that set it up left, whatever those reasons may be, do it before you end up losing your business.

I don't know how to get it through to these MSPs. Some of them are just so stubborn, and I really am aggravated. They have no sense that they don't know what they're doing. They are, like, overly confident, and we've taken over IT from some of these overly confident, nice-website, salesy IT people who had no idea what they were doing. No idea how to update the client software, and clearly no infrastructure update for themselves.

And when you start digging around just on Shodan, which by the way is no complete, exhaustive search of the internet or MSPs that have things exposed, but wow, it'll give you some enlightening if you just type in ConnectWise or ScreenConnect and see how many of these companies are running really old versions with no certificates, passing, you know, data over clear text, and probably not using 2FA. It's like all the indicators for people, or the threat actors, looking for a target. It's a target-rich environment.

So these attacks, until these IT companies get picked off, these are not gonna get better. They're gonna get worse. We're gonna see more of it out there. We have businesses looking for more and more security, and unfortunately they're finding some of these companies that are way better at marketing and getting their name out there than they are at actually doing their job. It's a really tough position for small businesses.
I'm still trying to think of ways to, you know, help them vet people. See, if they don't choose me, I want them to have an informed choice of not just the person with, you know, the best brochure or the best sales pitch, but a company that is actually doing the security. Our industry moves fast, so it's not as easy to certify that someone's doing a thing. I know a lot of people have tried that. But we kind of need to self-check a little bit, and, you know, even yourself, if you own an IT business, you should have some of the humility to say, "All right, I probably need a third party that's not my internal team to maybe look over what we do and see if it's secure, or to look over our external, you know, exposure and figure out, are we exposing things?" You can use Shodan for pretty cheap to do that and scan yourself. You can just, you know, go home and scan your office IP ranges with nmap or something simple. At least get some ideas whether or not you have some major exposure that you overlooked.

These are really important things, and I wish more IT companies would do it. But it's not the tooling, it's the IT companies. And with more and more people, it seems like, getting into the IT game and wanting to put the hat on that says "we're a managed service provider," I hope you know what that comes with. That comes with managing and loading all these updates and making sure they work.

All right, thanks, and thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching, and see you next time.