View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 7, 2022updated 28 Jul 2022 9:51am

ITSP SHI thwarts ‘professional malware attack’ on systems

ITSPs are a popular target for hackers, as they can be used to launch supply chain attacks.

By Ryan Morrison

IT services provider SHI says it was the target of a “coordinated and professional malware attack” this week. The reseller, which works with businesses in the UK, claims no customers were impacted due to “swift action” to identify and thwart the cyberattack, but the incident highlights that ITSPs are a popular target for hackers.

SHI provides IT services to businesses. Its systems were hit with a malware attack this week. (Photo by skynesher/iStock)

The company operates in the UK, US and the Netherlands providing services to more than 15,000 clients in the corporate, enterprise and public sectors.

The cyberattack hit during the Independence Day holiday weekend and led to the company taking most of its public presence offline including its websites and email servers to give security staff time to assess the systems.

Email systems were able to come back online by Wednesday, two days after the initial attack, although other systems are still being assessed and restored in a “secure and reliable manner”.

At the time of writing, the SHI homepage features a simple statement outlining what happened and explaining that customers can now reach account teams and specialists via email and telephone.

SHI says in a statement that there is no evidence that any customer data was stolen during the attack, adding that it is working with the FBI and CISA over the incident. It is unclear who is behind the attack.

In a blog post, SHI wrote: “No third-party systems in the SHI supply chain were affected”, adding that “SHI will keep customers informed as we return to business as usual”.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

It praised the “quick reactions of security and IT teams” in identifying the incident and taking measures to minimise the impact on systems and operations.

This type of cyberattack is becoming increasingly common. At the end of June, Germany-based frozen-food firm Apetito lost access to IT-supported systems due to a malware attack, stopping it from taking any new orders. It was still having issues as of the start of this month.

The latest update on the issue was published on July 1, Apetito says it is working with security experts to ensure no personally identifiable information had been compromised and would report any issues to the Information Commissioner’s Office.

ITSPs are a popular target for hackers, because the nature of their software means they can potentially open the door to the IT systems of their customers, allowing criminals to launch supply chain attacks.

Last year, Kaseya, the IT management software company, was attacked by ransomware group REvil. This left 36,000 service providers without access to the firm’s flagship product VSA for four days.

At the time of the attack it was reported that 1,500 customers had been left with encrypted files due to hackers exploiting a vulnerability in software used by managed service providers. REvil affiliates reportedly contacted affected businesses, offering single decryption keys in exchange for $45,000 paid in the cryptocurrency Monero.

Public holidays such as Independence Day weekend are a common time for criminal gangs to launch attacks. Speaking to Tech Monitor last year, Steve Forbes, head of product at security company Nominet, said: “Around seasonal holidays and things like that where there are people on holiday their guard may be down. It’s prime time for cybercriminals because they know there is ideal opportunity to get through the net and have the maximum impact on these organisations.”

Read more: Emotet’s return puts CISOs on high alert

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.