N-able

Soluzioni per MSP e team IT

Backup e disaster recovery
Sicurezza

MSP Lawsuit Underscores Importance of Multi-Factor Authentication (MFA)

AB

By Andrew Burton

Marzo 26th, 2024 6 mins

Content

What Happened, in the Mastagni Holstedt Breach? What is MFA and why does it matter? MFA: Just use it. Please!

Sacramento, CA law firm Mastagni Holstedt has alleged that its MSP LanTech LLC failed to protect it from a ransomware attack that took down its systems. According to ChannelE2E, Mastagni Holstedt is also suing LanTech’s backup vendor Acronis, which has denied any responsibility for the ransomware attack.

We’ll be watching to see how it all shakes out. In the meantime, let’s look at what happened and what we can take away from it. Hint: multi-factor authentication matters. A lot.

What Happened, in the Mastagni Holstedt Breach?

Mastagni Holstedt alleges that it was forced to pay an undisclosed sum to regain access to its network following a ransomware attack conducted by a threat group known as Black Basta. The incident occurred in February 2023 and the lawsuit was filed in February 2024.

 In the lawsuit, Mastagni Holstedt claims that Lantech failed to prevent the deletion of the law firm’s cloud-based backup, which would have helped it recover from the attack. Acronis has denied responsibility, stating that its systems were not compromised and suggesting that access credentials might have been compromised outside its systems.

“Password protection is the responsibility of the customer,” the company said in an email to The Sacramento Bee. “Acronis has not been served with the lawsuit and will not be commenting further on this litigation.”

We do not know whether multi-factor authentication (MFA) was in use at the time of the attack. However, Acronis’ statement does indicate that a password was compromised. It is important to note that many backup vendors, including Acronis, do not require MFA. Instead, it is up to MSPs or even individual technicians to decide whether to use it.

MFA, by definition, requires multiple steps, so it’s easy to understand why an MSP or technician might turn it off (if given the option). However, MFA is an essential layer of protection against a wide variety of attacks. At Cove, we believe that password protection is simply too important to be optional. That’s why MFA is required for all Cove users, as you will see in the video below:

 

Related Product

Cove

Approfitta del backup basato su cloud e del disaster recovery per server, workstation e dati di Microsoft 365.

Find out more

What is MFA and why does it matter?

MFA adds an extra layer of security beyond just a username and password (e.g., facial recognition, single-use code). It can help protect against the following types of attacks (among others):

  • Phishing: MFA makes it more difficult for attackers to access an account even if they have obtained the user’s credentials through phishing attempts.
  • Brute Force Attacks: MFA adds an additional barrier that prevents attackers from gaining unauthorized access through repeated login attempts using automated tools.
  • Credential Stuffing: MFA prevents attackers from using stolen credentials from one website to access other accounts of the same user by requiring a second form of authentication.
  • Man-in-the-Middle (MitM) Attacks: MFA helps protect against MitM attacks by requiring a second factor that the attacker would not have access to, making it more difficult to intercept and use the authentication data.
  • Keylogging and Credential Theft: Even if an attacker manages to capture a user’s credentials through keylogging or other means, MFA adds an extra layer of security by requiring a second factor that is not easily captured.
  • Social Engineering Attacks: MFA can reduce the effectiveness of social engineering attacks by requiring a second form of authentication that the attacker would not have access to.
  • Account Takeover (ATO) Attacks: MFA helps prevent ATO attacks by requiring additional verification beyond just the username and password, making it more challenging for attackers to take over accounts.
  • Insider Threats: MFA helps mitigate risks from insider threats by requiring multiple factors of authentication, reducing the likelihood of unauthorized access even if an insider’s credentials are compromised.

MFA: Just use it. Please!

The results of this case could have significant implications for both MSPs and technology vendors. In the meantime, if your backup provider doesn’t enforce MFA and you haven’t already implemented it, now would be a good time to do so.

To learn more about ransomware recovery, check out our Ransomware Recovery FAQ.

If you are interested in learning more about Cove’s approach to cyber resilience, please don’t hesitate to schedule a demo.

To FIND OUT MORE about Cove Data Protection visit www.n-able.com/products/cove-data-protection Or simply start a FREE TRIAL at www.n-able.com/products/cove-data-protection/trial

Andrew Burton is Product Marketing Manager for Cove Data Protection at N‑able

© N‑able Solutions ULC e N‑able Technologies Ltd. Tutti i diritti riservati.

Il presente documento viene fornito per puro scopo informativo e i suoi contenuti non vanno considerati come una consulenza legale. N‑able non rilascia alcuna garanzia, esplicita o implicita, né si assume alcuna responsabilità legale per quanto riguarda l’accuratezza, la completezza o l’utilità delle informazioni qui contenute.

N-ABLE, N-CENTRAL e gli altri marchi e loghi di N‑able sono di esclusiva proprietà di N‑able Solutions ULC e N‑able Technologies Ltd. e potrebbero essere marchi di common law, marchi registrati o in attesa di registrazione presso l’Ufficio marchi e brevetti degli Stati Uniti e di altri paesi. Tutti gli altri marchi menzionati qui sono utilizzati esclusivamente a scopi identificativi e sono marchi (o potrebbero essere marchi registrati) delle rispettive aziende.