Free Newsletters for the Channel
Register for Your Free Newsletter Now
Email From Continuum CEO Michael George Advising Partners About Cyberattack
The Aug. 4 communication informed partners of a significant attack that resulted in unauthorized administrator accounts being created inside end-client servers.
2 Min Read
Continuum CEO Michael George
Dear (Partner),
Over the past several days we have been working with a set of our partners regarding a security vulnerability at end client sites where partners utilized Continuum’s legacy IP Scanner tool. This tool created an admin account called SAAZDEPUSR, and the user credentials for that account were compromised and leaked online.
As part of our investigation, we have also noticed suspicious activity on sites not associated with the legacy IP Scanner tool. We have observed unauthorized admin accounts that have been created at sites. We don’t know if this is related to the original issue, but as a result we are paying closer attention to all sites and noting any suspicious activity and investigating as needed.
As a result, we are strongly recommending that all partners check for suspicious activity and any fraudulent administrative accounts, system accounts, or any accounts with elevated privileges at all client sites. In addition, consider closing all ports that are not needed for you to conduct business.
We have a list of known suspicious accounts posted and we are running a script to disable known suspicious accounts. We have also created a script to display all users across all of your sites so you can review and validate each more easily. Here is a link to the report instructions.
In some cases, we have observed open RDP access and other security settings that should be tightened immediately. Based upon our initial findings, we’ve posted actionable recommendations that you should take immediately.
True remediation and protection requires us to work hand-in-hand together as partners. We will continue to take action moving forward and we strongly urge you to:
Take independent and aggressive action to contain this security incident in the way you would contain any security incident.
Pay close attention to the regular updates and recommendations that we are posting and follow those recommendations wherever applicable.
Review the laws and regulations that are applicable to you and your clients’ businesses and determine whether to communicate to your clients.
These kinds of attacks are increasingly part of the digital world we live in. As your partner, we will continue to work aggressively with our expert forensic firm and the FBI to investigate the situation. The Information Security page will be updated regularly and please reach out to your account team with questions.
Sincerely,
Michael George
CEO
Continuum Managed Services
Send tips and news to [email protected].
About the Author
You May Also Like
Mar 24 - Mar 27, 2025
Mar 24 - Mar 27, 2025
The Channel Partners Conference & Expo, co-located with MSP Summit, is the gathering place for the technology services community. Agents, VARs, MSPs, integrators and service providers will converge to share ideas and drive discussion on the topics shaping our industry.
REGISTER NOW