IT services provider SHI says it was the target of a “coordinated and professional malware attack” this week. The reseller, which works with businesses in the UK, claims no customers were impacted due to “swift action” to identify and thwart the cyberattack, but the incident highlights that ITSPs are a popular target for hackers.
The company operates in the UK, US and the Netherlands providing services to more than 15,000 clients in the corporate, enterprise and public sectors.
The cyberattack hit during the Independence Day holiday weekend and led to the company taking most of its public presence offline, including its websites and email servers, to give security staff time to assess the systems.
Email systems were able to come back online by Wednesday, two days after the initial attack, although other systems are still being assessed and restored in a “secure and reliable manner”.
At the time of writing, the SHI homepage features a simple statement outlining what happened and explaining that customers can now reach account teams and specialists via email and telephone.
SHI says in a statement that there is no evidence that any customer data was stolen during the attack, adding that it is working with the FBI and CISA over the incident. It is unclear who is behind the attack.
In a blog post, SHI wrote: “No third-party systems in the SHI supply chain were affected”, adding that “SHI will keep customers informed as we return to business as usual”.
It praised the “quick reactions of security and IT teams” in identifying the incident and taking measures to minimise the impact on systems and operations.
SHI cyberattack: ITSPs are a popular target for hackers
This type of cyberattack is becoming increasingly common. At the end of June, Germany-based frozen-food firm Apetito lost access to IT-supported systems due to a malware attack, stopping it from taking any new orders. It was still having issues as of the start of this month.
The latest update on the issue was published on July 1. Apetito says it is working with security experts to ensure no personally identifiable information has been compromised and that it will report any issues to the Information Commissioner’s Office.
ITSPs are a popular target for hackers because the nature of their software means a compromise can potentially open the door to the IT systems of their customers, allowing criminals to launch supply chain attacks.
Last year, Kaseya, the IT management software company, was attacked by ransomware group REvil. This left 36,000 service providers without access to the firm’s flagship product VSA for four days.
At the time of the attack it was reported that 1,500 customers had been left with encrypted files due to hackers exploiting a vulnerability in software used by managed service providers. REvil affiliates reportedly contacted affected businesses, offering single decryption keys in exchange for $45,000 paid in the cryptocurrency Monero.
Public holidays such as Independence Day weekend are a common time for criminal gangs to launch attacks. Speaking to Tech Monitor last year, Steve Forbes, head of product at security company Nominet, said: “Around seasonal holidays and things like that where there are people on holiday their guard may be down. It’s prime time for cybercriminals because they know there is ideal opportunity to get through the net and have the maximum impact on these organisations.”