So, it's no secret in 2019 that a lot of the bad actors are targeting IT companies and managed service providers. The reason why is really simple. It scales better. The tools we have are very powerful. If they are able to compromise those tools, that gives them a very fast way to deploy tools. And, of course, the ultimate gain of ransomware and the fact that they're making money with this has emboldened them to do more and more.
And I'll leave a link to this here. This is a little bit more in-depth discussion about the attacks over at Datto. And this particular gentleman here was breached. These are some people that go through what they see through the threat landscape. And they talk a lot about the details, how the breach happened. And by the way, I'll save you a click. He did stay in business, but it cost him a ton out of pocket even though he had insurance. And I don't want to see this happen to anyone. This is not a ha-ha moment at all. This is a reminder it really can happen if you're not paying attention to security. Even myself. I have third-party auditing that I do, so I want to make sure we're doing things right. It doesn't mean no mistake was ever made, but you're always trying to make best effort, minimize what they refer to as your threat surface.
But I wanted to dig into that part of it because I've heard people who say, no, your threat surface is exposed because you have a link to your remote support portal, your link to your ConnectWise portal, et cetera, et cetera, link to your website. You should only give that directly to your clients. And I think people are mistaken about how these bad actors are finding and picking their targets. I don't think it's Googling what is a good MSP in the area and start their target to their research. The most likely scenario that's the most plausible scenario is they're using tools that are just scanning the internet.
One of those tools that's really popular and works really well, and by the way, completely affordable for you to use as well, is Shodan. I'm a user. I have an account. I use Shodan to keep an eye on my network and clients' networks to see if something's exposed. Obviously, I do my best to not expose anything that doesn't need to be exposed, but mistakes can be made. And this is why you have tools that can check you. It's not just about securing things. You're not secured until it's been audited and checked.
But this is what's scary about Shodan is if you go here and we type in something like ScreenConnect, which we know was a tool popularly used for companies that had lost control of their ScreenConnect installations, we find 8,000 almost, 7,905, where just the header of ScreenConnect comes up in this list. Now it didn't take long for me to dig a little further and my goal is not to dox or call out a company. So I took the time to put together a slideshow. And what the slideshow will show you real quick here, so we're going to go ahead and hit present. And I blurred all this out. And all I had to do is go click on a couple of these. And Shodan was nice enough to find both things with ScreenConnect open and their whole ConnectWise via RDP. It even took the time to list out all the vulnerabilities because they're running an old version of Apache on this.
So what did we find? Like I said, I'm not trying to dox the company, but this is a company right here in the US, an MSP. And by the way, through their SSL cert, I was able to find their website and their website says they do cybersecurity and do all these things are super secure, blah, blah, blah, fancy website on numerous employees, even, and this is where it gets really bad. This is their exposed RDP server. We have the ConnectWise admin administrator and both of these names I blurred out and I blurred them out up here as well, are the principals of the company, the people who run it. Go a step further.
It took no time because the one person has a unique name. And of course he has a LinkedIn profile. Also, go a step further, took no time at all to find cell phone numbers, property records, a little bit of open source intelligence. So within five minutes of me typing ScreenConnect a few clicks later, I had everything I need if I were a bad actor to target that person.
Bad actors go after the low hanging fruit. If you're someone who doesn't have RDP exposed, you have a VPN, you've locked everything out, they're less likely to go after you because it's a bigger challenge. It is more difficult. When you have someone who just leaves their ConnectWise admin exposed, then they're an easy target. They're halfway there. They know the username. Only thing you know is the password. And with knowing the person's name, knowing their email address, knowing their cell phone number, all this was publicly available information, it takes no time at all for them to go through this.
And we're seeing that and this is something we learned. Watching these different breaches, going through this when we went through a data. They're not just guessing and spraying out passwords and hoping to get one. They know the password. They know it because they took their time to research and target and pick their victim. And I don't think they picked their victim by looking up their website. They started on the reverse. They go into somewhere like Shodan or many of the other tools that are out there like this or just scan it themselves and look for companies with a combination of ConnectWise Control or other things out there that are running flawed old servers that leave RDP exposed. And they just grabbed the low hanging fruit.
And there are so many MSPs that were breached already this year. I have friends that work in the breach management and incident response community. And they are just seeing this happening and ramping up. And the reason why they say it is always the same.
It's not that exciting. They're not using, and this is mentioned in the data, really advanced attacks. It's low hanging fruit. It was no two-factor turned on. Sometimes RDP exposed to get in there. One of them in particular, they said, was a combination of RDP. And they had federated everything through the access of RDP and Microsoft Windows Server for a whole single sign on. So once they cracked the single sign on, it got them into everything else and no more 2FA on all of it. So a lot of it's really obvious things.
And there's a ton of these companies out there. I just grabbed one that I saw had RDP open. It took me no time to find out. There's a lot more of them out there. I don't know what to do about these companies. Like the market's kind of figuring it out. And the bad actors are picking them up. But unfortunately, the bad actors are becoming more sophisticated due to the fact they're well, well funded. They are much more well funded as all these companies pay out due to having insurance due to the volume of attacks and these businesses have to get back up and running. It's tragic. It's bad.
I'm hoping to put this out there. So some MSPs look at it and go, I wonder if I'm on that list. 'Cause some people are too proud to say that their security stack is tight. They know more than everybody else and they're super good, blah, blah, blah. The reality is take the time, audit your stuff, figure out what you need to have access and no more. Think about the principles of least privilege. You don't need anything exposed. If you can get away with not exposing it, put it behind a VPN, lock it down as much as possible, make sure all the patches are up to date and make sure two-factor's on. So just some simple things you can do. So hopefully you don't end up a statistic and take a look. If you find yourself on here, panic a lot, not a little panic a lot and start doing something about it. I'm hoping, you know, we start to see this go away.
But right now it's the opposite. We're seeing it ramp up more. And we just have to stay secure. And I've said this before, security is a team sport. We're all in this together. You know, I'm not here like I said to dox anyone or here to poke fun at them. I'm trying to encourage the market to get better and encourage these companies to take some time, spend a few minutes on Shodan and literally it's 59 bucks a month to have a million requests and 5,000 IPs monitored. I mean, come on, it's not like this, this shouldn't be a cost should not be a barrier for this bare minimum of just keeping yourself off these lists and double checking everything with Shodan. All right, thanks.
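
The self-audit the talk recommends, as an added example that is not part of the video: it checks externally observed services on your own addresses against the ports you intend to expose, and flags RDP and services with listed vulnerabilities. The record fields are assumed to mirror Shodan host-lookup output; the allowlist, hosts, version string and vulnerability ID are constructed placeholders.

```python
# Added example: audit externally observed services on your OWN addresses.
# Record fields (ip_str, data, port, product, version, vulns) are assumed to
# mirror Shodan host-lookup output; all records below are constructed samples.

RDP_PORT = 3389

# Ports you intend to expose, per IP (hypothetical allowlist, least privilege).
EXPECTED = {"203.0.113.10": {443}, "203.0.113.20": {1194}}

SAMPLE_HOSTS = [  # constructed; 203.0.113.0/24 is a documentation range
    {"ip_str": "203.0.113.10", "data": [
        {"port": 3389, "product": "Remote Desktop Protocol"},
        {"port": 8040, "product": "ScreenConnect"},
        {"port": 443, "product": "Apache httpd", "version": "2.2.x",
         "vulns": {"CVE-PLACEHOLDER-0001": {}}},  # placeholder id, not real
    ]},
    {"ip_str": "203.0.113.20", "data": [
        {"port": 1194, "product": "OpenVPN"},
    ]},
]

def audit_host(host, expected):
    """Return (severity, port, message) findings for one host, high first."""
    findings = []
    allowed = expected.get(host["ip_str"], set())
    for svc in host.get("data", []):
        port = svc.get("port")
        product = svc.get("product") or "unknown service"
        if port == RDP_PORT:
            # RDP is flagged even if someone added it to the allowlist.
            findings.append(("high", port, "RDP reachable from the internet"))
        elif port not in allowed:
            findings.append(("medium", port, f"unexpected exposure: {product}"))
        if svc.get("vulns"):
            findings.append(("high", port, f"{product} {svc.get('version', '?')} "
                             f"has {len(svc['vulns'])} listed vulnerability id(s)"))
    return sorted(findings, key=lambda f: (f[0] != "high", f[1]))

def audit(hosts, expected=EXPECTED):
    """Map each IP to its findings; a clean host maps to an empty list."""
    return {h["ip_str"]: audit_host(h, expected) for h in hosts}

if __name__ == "__main__":
    for ip, findings in audit(SAMPLE_HOSTS).items():
        print(ip, "clean" if not findings else f"{len(findings)} finding(s)")
        for sev, port, msg in findings:
            print(f"  [{sev}] port {port}: {msg}")
```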