Earlier this month, Russian-linked cybercriminal organization, REvil, launched the single biggest global ransomware attack on record. The breach infected thousands of victims in more than 17 countries and demanded $70 million in cryptocurrency to unscramble all the infected machines. What made this breach especially noteworthy was the specific conduit the criminals used to gain access to the victims: Kaseya VSA (virtual systems/server administrator), a remote monitoring and management (RMM) solution. RMM solutions are commonly used by managed services providers (MSPs) and managed security services providers (MSSPs) alike. What makes them particularly attractive to cybercriminals is that each MSP/MSSP breach has an enormous trickle-down effect. For example, CBS News reported that Swedish grocery chain Coop had to close most of its 800 stores for multiple days because the attack crippled their cash register software supplier. Thus, not only do these “one-to-many” attacks lead to more victims in a shorter period, but they also lead to bigger payoffs for the attackers.
Greg Hedrick joined Presidio in 2020 as Chief Information Security Officer. Greg has over 25 years’ experience in Cyber Security. Prior to joining Presidio, Greg served as CISO for Purdue University and was responsible for policy and compliance, identity management and security teams including the Security Operations Center for the entire Purdue System.
Greg also collaborated with the State of Indiana to build the Indiana Cyber Security Center. Greg is CISSP and CRISC certified and has served on multiple organizational boards and committees including past President of the Indianapolis Information Systems Security Association, Board of Directors for the Information Systems Audit and Control Association (Indianapolis chapter), and the Educause Security Professionals Conference program committee.