Massive Hack Hits Continuum MSPs, End Clients

Two months after the cyberattack was discovered, the full extent of the damage remains unclear.

Aldrin Brown, Editor-in-Chief

October 5, 2016

3 Min Read
Massive Hack Hits Continuum MSPs End Clients

Continuum is tightening security and warning managed services providers (MSPs) to be on the lookout for malicious activity after a massive cyberattack penetrated the software vendor’s IT management systems and compromised an unknown number of end-user client servers, the company confirmed today.

MSPs were notified in early August that a breach originating with a legacy IP scanner tool had spread, resulting in unauthorized administrator accounts being created inside customer networks.

More than two months after the hacking attack was initially discovered, the full extent of the damage remained unknown.

“We identified several clients who had administrative superuser accounts created within their Windows active directory without our knowledge,” said a Continuum partner who asked not to be identified. “These accounts were created and active for several days prior to us being notified of the breach, so unidentified intruders had full access to our clients’ systems and data long before we found out about it.” 

“We have identified login events within server logs which confirm unauthorized access to our clients’ servers from dozens of IP addresses around the world,” the partner continued. “We still have no way to know what sort of malicious software or gateways may have been left behind nor what data has been stolen, which absolutely could lead to additional problems and liability concerns for us in the future.”

Continuum officials said they have responded aggressively to the cyberattack.

“When we learned that our partners might have been compromised, we responded quickly and forcefully,” the vendor said in a statement. “Among other things, we immediately engaged a top forensic firm and the FBI.”

“Our engineering team worked around the clock to write new software to flag suspicious activity, disable suspicious accounts and build tools to respond to the potential threat,” the statement went on. “We also communicated regularly with our partners and published a set of guidelines to help all partners strengthen the security at their end clients.”

In an Aug. 4 email, Continuum Managed Services CEO Michael George advised affected partners to close any non-essential ports and continue checking for fraudulent administrative accounts, system accounts or accounts with elevated privileges at client sites.

“We have a list of known suspicious accounts posted and we are running a script to disable known suspicious accounts,” the communication said.

“We have also created a script to display all users across all of your sites so you can review and validate each more easily,” the email continued. “In some cases, we have observed open RDP (remote desk protocols) access and other security settings that should be tightened immediately.”

Such attacks are “increasingly part of the digital world we live in,” George’s email said.

The Continuum partner who spoke on condition of anonymity said that MSP is investing a great deal of effort to prevent and detect further unauthorized access.

“We have suffered strained client relations as a result of notifying our clients about this breach,” the owner explained. “The scariest part of all of this is what we still don’t know, and what could happen in the future.”

 

Send tips and news to [email protected].

Read more about:

MSPsMSP 501

About the Author

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.

 

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like