Sekhmet ransomware, which first appeared in March 2020, has already disclosed the stolen data from at least six victims to date. One recent known attack that occurred on 20 June 2020 targeted SilPac, a gas handling solutions company based in Santa Clara, California.

The threat actor begin the attack by compromising the company’s network via RDP service, using brute force to guess weak passwords or with stolen credentials bought on the Dark Web. Next, the attacker performs second-stage reconnaissance. To elevate privileges, the attacker exploits the CVE-2017-0213 vulnerability in the Windows COM Aggregate Marshaler to run arbitrary code with elevated privileges.

Acronis has been named a TAG Cyber Distinguished Vendor in 2021, and part of the benefits of this designation include being featured in the firm’s flagship “Security Annual” quarterly reports. To this end, TAG Cyber’s Q2’21 report was recently published. The report is, for a lack of a better word, a “beast.” It is over 100 pages long and includes 10 op-eds, 13 interviews with industry executives, and five technical whitepapers. While we certainly recommend the entire thing, we also know your time may be limited. That’s why we made a summary of the report that streamlined the content that was most relevant to the Acronis community. Let's take a quick look at what's included.

The rise in cberthreats requires MSPs to make the cybersecurity of their clients a top priority. But what happens when an existing client or a prospect doesn’t think their business is at risk – and they don’t want to enforce the policies or pay for preventative measures you know will keep them secure? Many experts recommend using liability waivers to reduce the risk to your business when stubborn clients refuse to get on board with security. Sometimes, just presenting a waiver can get clients to realize the severity of the risk.