The Texas local governments attack seems to me to be more akin to the trend we have been seeing in 2019 with attackers targeting one MSP and then using that access and the MSP’s tools to attack / encrypt the MSP’s individual clients. If I’m not mistaken (and, I could be), the Texas DIR often acts as sort of a provider / MSP or/ MSSP to some local governments by providing outsourced services to those local governments.

Does anyone know if that was the case for these 22 entities or if that has some connection? I do know DIR is leading the response.

UPDATE: I just heard from a friend who has worked arm in arm with these folks and the answer is:

Hey Shawn. Answer to your DIR question is no. DIR does not provide services to local gov in this form but does coordinate response.

UPDATE UPDATE:

As we learn more, yep, it was an MSP — join the discussion here:

https://www.linkedin.com/posts/activity-6569964507114852352-8IK7

https://www.linkedin.com/posts/shawnetuma_about-dir-activity-6569395266389110784-40Jw

 

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading