The Gately Report: Acronis Says More Vendor Integrations Needed to Fight Cyber Crime
Plus, LockBit ransomware group releases data stolen from Boeing.
![Acronis Acronis](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt2ec98ca1201f161f/6552908ababd3b040a53ceeb/Acronis_booth_at_IT_Nation_Connect_1000x750_2023.jpg?width=700&auto=webp&quality=80&disable=upscale)
The Acronis booth at IT Nation Connect stayed busy with visitors.
Channel Futures: What is your role with Acronis?
James Abercrombie: My role is technology evangelist. I think I changed that to developer advocate due to the fact that I believe what I'm actually doing is advocating for developers to help streamline their adoption and their consumption of their solutions by integrating into Acronis. So over the past five and a half years I've worked with Acronis, I've learned about all of the integrations that we have. I didn't have the ability to launch new ones, though, until just recently when we've launched our CyberApp Standard. That is what my main function is, to evangelize and make sure that people understand the value of integrating natively with Acronis, getting them exposed to 20,000 MSPs, and then showing those MSPs where the true bread and butter of their product is. I really preach to people about how they can make more value out of their product by integrating with Acronis.
CF: What brought Acronis to IT Nation Connect? How are you working with ConnectWise? How can it help partners grow and succeed?
JA: So since I've been with Acronis about five and a half years, we have had a great partnership with ConnectWise. First things that I learned as a solutions engineer here at Acronis was the ConnectWise PSA and the RMM integrations. And the reason why these integrations were huge for us is because it eliminated a lot of the mundane work that an MSP needed to do to onboard and start utilizing Acronis. So what I mean by that is creating a new customer, creating a user, assigning user rights, installing an agent, registering an agent, assigning a backup plan, kicking off the backup plan, testing the backup plan, those types of things. And by making an integration with ConnectWise PSA, that eliminated the complexity of onboarding a new customer. As you already have your customer relation information in the PSA, we're able to create a customer in Acronis from the ConnectWise information, so we can create a new customer. We can assign all of the service offering items that that customer will use, and that will provision that customer in the Acronis console automatically so they can live in their PSA and start leveraging other technologies quickly and simply. So that's step one. Step two with the RMM, we have the capability of pushing out our agent, updating our agent, and then also monitoring that agent to make sure that the backup has run. And if it hasn't run, we can kick off a new backup when the last patch management is run, when the last vulnerability assessment is run, when the last antivirus scan was run. So the idea is to be able to look and live where you are comfortable, and be able to do more with less. And as we saw that, we expanded into other territories with ConnectWise such as ScreenConnect, as well as the Asio platform. So the idea is to make it easier for the partner to manage all those technologies from where they're comfortable.
CF: What is the Acronis CyberApp Standard, and how can it help partners grow and succeed?
JA: It will help MSPs grow and succeed by allowing them to integrate all their technologies, all of their stack, to be managed from one location. Once upon a time, we believed that we should be the solution across the whole stack, and that only flies so far. The fact is, an MSP needs to be able to feel like they're in control of their destiny, which they are, and we're going to empower them to do more. But this gives them the ability to say hey Acronis, I use X, Y and Z technologies, how can I make it easier for my management and my staff to utilize those technologies? So CyberApp Standard is a low to no code UI drag and drop builder. And we took this UI approach instead of the API approach to make it much more secure. As you know, an API is pretty open ended, anybody can make that call. So what we've done is we've made it a UI approach where the ISV will come with their API callbacks with the data that they want to display in Acronis, and then they'll use the UI drag and drop builder in Acronis vendor portal to show how it should be displayed in the Acronis platform. So that is going to help them manage their solutions from one location and also make their technicians a little more efficient. Now, how it helps ISVs is by getting their solution in front of our 20,000 MSPs, getting them in front of people who know and love Acronis today … but they need some more help and they need to know what else do I need to be doing? I'm doing backups of all my systems. I'm doing backups of all my email, my Microsoft 365. What else can I do? Well, you can add on email security. You can add on some additional layers to ensure that human error is a little more safeguarded. So the CyberApp Standard is effectively making it easier for the channel to be more secure as well as effective, and to consume more technologies.
CF: Last week, Acronis announced its new MSP Academy. What other ways is Acronis helping MSPs?
JA: Let's talk about the academy real quick. The MSP Academy is huge, huge, huge. And the reason why it's huge is because instead of just saying hey, here's some certification courses, go get certified, we are helping the MSP grow. We have a course that's called going from break/fix to being an MSP. And we can teach you how to be an MSP and how to not only be an MSP, but how to grow your MSP. We've talked to so many partners that have made it to the $1 million-$2 million mark, but then they kind of hit a snag and they couldn't go any further. Well, by providing them with this MSP Academy we're giving over six learning plans at the moment. We've got much more planned, but over six learning plans that are very concise and very easy to digest. There are like seven bit modules and each one of those bits are about three to seven minutes, easy to digest. The idea is we want about a five minute video that you can consume at your leisure and then apply that knowledge later. And by getting these credits, you can then show that you've passed some of these curricula. You can put it on LinkedIn, you put it on your social media. But the idea is all of the curricula that we have developed, whether it be for support, whether it be for sales, whether it be for marketing developers or even your management, like the executive staff, we have plans that will help you be more effective with the Acronis solution as well as being an MSP. So how else are we helping MSPs? We're listening to them. We are listening to what they are struggling with today and once we understand how they struggle, we offer some solutions. And if we can't offer the solution, we work with the technology vendor that can and we make sure that they are then integrated so that we do solve that solution, which then takes it another level for everybody.
CF: Does feedback from MSPs and other partners influence what you do and what’s coming next from Acronis?
JA: One hundred percent. It really is the only way. Obviously, we've got executive staff that have some ideas and they have great ideas. They're brilliant, they're geniuses. But if you're not providing to the MSP community what they need and want, how are you going to be completely successful? So we do have a technology partner program. We do have an advisory council that we tap into to understand where their business is trending and where they are finding that they're having hurdles. How can we help you? And that's what we apply to our roadmap.
CF: Is the threat landscape shaping Acronis’ product, business and channel strategies? If so, how?
JA: Yes, the threat landscape will 100% be evolving forever and ever, changing everybody's focus as we find new vectors of threats. We're going to focus on that now, whether it be us investing into R&D or us investing into an integration with somebody who already does it. As soon as a threat is known, we are actively going to be working to make sure that you are not a statistic, if you will. And so we have three cyber protection operations centers across the globe actively checking threats. They're actively alerting people of threats that exist in their backups that exist in our cloud. It's a huge operation. So yes, the way that the threat landscape is evolving today is 100% impacting and shaping the way that we are going to market.
CF: Many organizations are dealing with tight budgets. How is Acronis helping partners meet their needs?
JA: So the way that we help partners meet their needs is by understanding what their needs are, and then by investing into them. We have marketing dollar funds that will help them do campaigns, whether they be social campaigns, whether it be events. We have a thing called a TeamUp program that our MSPs are leveraging to really get their name out regionally. It's a pretty awesome program that allows for MSPs to reap the benefits of partnering with sports teams such as Red Sox or Hendrick Motorsports, or Roush Fenway. So the idea is that we used to invest into these to get our name out there, but there's only so much that we can make off of our name. We want our customers to make more money. And as soon as our customers make more money, that impacts us. So we give them a lot of hospitality capabilities with this TeamUp program. It allows for an MSP to offer Acronis Cyber Protect services to a sports team. So we'll go out as Acronis, we will do an assessment of the sports team, we will see what technologies they're using and what technologies of Acronis they could be using, and then we pass that on to an MSP and we say you can realize this monthly recurring revenue for three years and also get all of these hospitality extras. The idea is we're never going to stop listening to new ideas as to how we could help MSPs. The sky's the limit. But ultimately, right now, we're investing in the academy to make sure that the MSPs understand where I could go next.
CF: What can partners expect from Acronis in the months ahead, into 2024?
JA: So we are about to launch our MDR. We've just launched EDR. We're really looking to catch up on the categories that we don't touch. So our technology partnership program is going to really hit hard in 2024, making sure that every single vendor in this hall has an integration with Acronis. And then we're bringing more value to the MSPs.
In other cybersecurity news ...
The recent Boeing ransomware attack has now evolved, with LockBit releasing the data stolen earlier in the month.
According to Bleeping Computer, before the leak, LockBit hackers said Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4 gigabytes of the most recent files.
LockBit has leaked more than 43 gigabytes of files from Boeing after the company refused to pay a ransom. Among the data are configuration backups for IT management software, and logs for monitoring and auditing tools. Backups from Citrix appliances are also listed.
Boeing sent us the following statement:
“Elements of Boeing’s parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities and potentially impacted parties as appropriate. We remain confident this incident poses no threat to aircraft or flight safety.”
James Dyer, threat intelligence lead at Egress, said LockBit has shown they aren't afraid to call organizations' bluff when they say they have their data.
“Since their birth in the 1980s, ransomware and cyber gangs have operated using a combination of approaches,” he said. “The first involves demanding payment from legitimate threats where data has been stolen, and the second is when the threat actors make up claims to earn a quick buck, expecting the victim to concede to their pressure tactics despite no data actually being obtained by the cybercriminals. But when the data is released on the internet for all to see, it's horrifying proof that LockBit isn’t messing about.”
Other victims currently targeted by LockBit may feel hot around the collar knowing that the cyber gang definitely had Boeing’s data rather than an empty threat, Dyer said. When faced with a ransomware attack, the general advice is not to pay up. Not only is there the ethical issue of handing millions of dollars to a criminal organization, but by boosting their success rate, you’re encouraging threat actors to continue their activities and potentially giving them tips on their next attacks.
“Boeing now has an extremely important job to clean up and ensure all passageways into their organization are shut to ensure LockBit actors cannot creep back in whenever they choose,” he said. “They’ll also have the responsibility of notifying and supporting the victims. If this unfortunate case has taught us anything, it’s that you should review your cybersecurity frequently, and have an incident report plan prepared for any occasion, no matter how big or small the company may be. Ultimately, they did the right thing by not paying.”
The U.S. financial services division of Chinese bank ICBC was hit with a cyberattack that reportedly disrupted the trading of treasurys.
ICBC released the following statement:
“On Nov. 8 … ICBC Financial Services (FS) experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident. ICBC FS has been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts. ICBC FS has also reported this incident to law enforcement. We successfully cleared U.S. Treasury trades executed Wednesday (11/08) and Repo financing trades done on Thursday (11/09). ICBC FS's business and email systems operate independently of the Industrial and Commercial Bank of China Group. The systems of the ICBC head office and other domestic and overseas affiliated institutions were not affected by this incident, nor was the ICBC New York branch.”
Andrew Barratt, vice president at Coalfire, said the financial services industry is probably the most heavily regulated in the world. This regulation covers both financial security and operational resilience. While less regulated environments have been involved in notable compromises recently, it is unusual for a member of the financial services community to be affected operationally.
“Banks and credit institutions in particular are expected to have operational resiliency plans to cover all kinds of risks including a ransomware attack,” he said. “It is highly likely that major U.S. and European banks have been subject to ransomware attacks in the past, and it's just not affected them operationally in a way that immediately impacts the consumer. When the insignificant events impacting consumer access to financial services such as the recent events in the United Kingdom, the institutions involved vehemently denied any presence of a cyber actor and it's very difficult to say whether these were down to ransomware incompetence or just poor operational management. Typically, events that caused operational outages are subject to significant regulatory oversight and become a matter of public record. Typically the financial services industry tries to have very accurate, very rapid responses in these circumstances.”
Heath Renfrow, co-founder of Fenix24, said there’s been a lot of very aggressive and unusual breach cases this year, “but this one stands out among even those.”
“Large banks have seldom been victimized by ransomware, this is a sector that is highly regulated and possibly the most diligent about security because of the monetary assets they control,” he said. “That the target was a Chinese bank is also out of step with the norm of recent months. What is consistent about it is the overall trend toward expansion and broadening in ransomware. These affiliate networks are demonstrating a greater aggression, tools mastery, destructive tactics, sophistication and willingness/ability to do the unexpected. We expect more will come to light in the coming weeks.”
The state of Maine is reporting it was among the thousands of organizations impacted by cyberattacks using the MOVEit Transfer tool.
Like many entities globally, Maine utilizes MOVEit, owned by Progress Software, for sending and receiving data.
On May 31, Maine became aware of a software vulnerability in MOVEit, which allowed cybercriminals to access and download files belonging to certain agencies in the state between May 28-29.
“The State of Maine has determined that this incident has impacted approximately 1.3 million individuals, with the type of data affected differing from person to person,” the state said in its notification. “The state … may hold information about individuals for various reasons, such as residency, employment or interaction with a state agency. The state also engages in data sharing agreements with other organizations to enhance the services it provides to its residents and the public.”
The specific information involved in this incident varies based on the individual and their association with the state. However, the following types of information may have been involved: name, Social Security number (SSN), date of birth, driver’s license/state identification number, and taxpayer identification number. In addition, for some individuals, certain types of medical information and health insurance information may be involved.
“As soon as the state became aware of the incident, the state took steps to secure its information, including by blocking internet access to and from the MOVEit server,” it said. “The state also implemented security measures recommended by Progress Software, engaged the services of outside legal counsel, engaged external cybersecurity experts to investigate the nature and scope of the incident, and conducted an extensive investigation to determine what information was involved.”
Nick Tausek, Swimlane’s lead security automation architect, said the state disclosed the majority of data breached belongs to the Department of Health and Human Services and the Department of Education, making this breach the "11th largest MOVEit-related breach."
“State and local governments manage a vast amount of sensitive data, including PII," he said. "They must safeguard this data from third-party breaches by adopting a cyber defense program that leverages security automation to detect and respond to threats in real-time. Third-party vendor breaches are difficult because vendors are often tightly integrated into many organizations. Therefore, it is important to secure not only your own IT infrastructure, but also the access and credentials of third-party vendors. Low-code security automation can facilitate responses to threats and automate basic security tasks, making it easier to achieve these goals.”
The most dangerous thing about the current threat landscape is the lack of vendor integrations, with many vendors remaining separated from one another.
![Acronis Acronis](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt95ebc0911778506f/6552901606b2c5040a5c4643/Abercrombie_James_Acronis_135x180_2023.jpg?width=NaN&auto=webp&quality=80&disable=upscale)
Acronis' James Abercrombie
That’s according to James Abercrombie, Acronis’ CyberApp developer advocate. We caught up with him at last week’s IT Nation Connect. Acronis has a partnership with ConnectWise.
“The fact is that we are here at IT Nation, this is a channel event, and there are a lot of vendors here that do not work together and do not want to play nice together,” he said. “We are not ever going to get out of this without unification. We have to work together. We have to. We have to team up. We have to make it so that if there is a gap, it is covered elsewhere. And that's what I would say.”
Integrating Vendor Technologies 'Best Way'
Acronis came to the realization that it’s best to work together by understanding “how many technologies are out there that do things that we don't do now,” Abercrombie said.
"We have a great team of developers, a great team of scientists,” he said. “They can build whatever we need. But does it make sense to invest into that when somebody has already built a really good wheel? Why not partner with them? So is there a defining moment that changed us from not wanting to work with others, to wanting to work with others? Not while I've been here.”
Acronis already has initiated various integrations where "we invested our time to build this to make it a little bit better for the MSP community,” Abercrombie said.
“I think the real defining moment was seeing how much time it takes to build those integrations and wanting to make it easier, not only for the MSPs, but also for us," he said. "And that's how we entered this whole CyberApp Standard. So by leveraging this, we said look, we can actually integrate with anybody. If you've got a cloud application, let's get it extended into Acronis and get you out there, which you may see morph into something different in the coming years.”