The Ubiquiti Hack…Why you must prioritize Privileged Account Management this quarter

You may have heard that there was a hack discovered at Ubiquiti recently – December of 2020. You may have also heard about a whistle blower claiming it was a lot worse than Ubiquiti lead on. Long story short, the hackers had access to privileged credentials. These credentials were previously stored in the LastPass account of a Ubiquiti IT employee. Using these, the attacker gained root administrator access to Ubiquiti AWS accounts – all of them. This included S3 data buckets, application logs, databases, user database credentials, and more.

Pretty nasty, right? So what does this have to do with PAM (Privileged Account Management) for MSPs? What can the small to mid-size MSP learn from a big corporation hack like this?

After many days, Ubiquiti ultimately resolved the breach in two ways. In addition to locating and eliminating the “backdoors” the hackers had established, Ubiquity began “furiously rotating credentials for all employees before Ubiquiti started alerting customers about the need to reset their passwords.”  As a result, the hacker eventually got locked out – they no longer possessed administrative credentials. Ubiquiti was able to retake control of their own network and data.

It is a common practice for hackers to gain access to a network and stay quiet initially. They are silently observing – waiting to see how things are setup and carefully hide their tracks – ensuring no one knows when they access. But this type of attack can be cut short if the password change cycle (usually 90 days) happens in the time after access has been gained by a hacker and before any attacking has happened.

In these cases, a simple change of a password can remove the hackers’ access and save the day. Something so simple and yet done so infrequently can save so much trouble and prevent such catastrophic damage. With all this in mind, the case for changing credentials routinely and systematically has been made.

Why then do passwords go unchanged for so long? And why would you ever share or formulize credentials when so much is at stake? Why do MSPs risk such massive data breaches and problems?

Time, cost, and complexity!

It is time consuming to change every password and difficult to remember the latest version of all the passwords – and though password vaults, such as LastPass, PassPortal, and others can assist with finding and entering credentials, they fall far short of automating the creation of accounts and changing of passwords.

As a managed service provider, this problem is exponentially more challenging. You have multiple techs accessing many networks, in some cases hundreds, and since each tech should have their own unique account on every network they access – the prospect can quickly seem daunting, even impossible.

Automation of PAM makes it possible. Unique privileged accounts for every tech on every domain in less than an hour, and a different and secure password generated every 24 hours. Easy to use and easy to manage. And designed for the budget of a small to mid-sized MSP.

TechIdManager creates and manages a unique account for each tech on every domain they are granted access to and changes their passwords every day – providing the account credentials to only that tech and only when they need them.

By changing the password every day, and by ensuring that every tech has a unique password on every domain, this makes it exponentially harder for hackers to gain and maintain access to a domain. And with TechIdManager, we have automated everything securely and efficiently. This PAM automation tool can save you hours of overhead every month, keep you compliant in the event of an audit, and prevent hackers from gaining access to the networks and data your clients entrust with you every day.

Contact us for a demo today. sales@ruffiansoftware.com