Are you ready for what's next? The 2022 TPRM Preparedness Toolkit will take your program to the next level!

Passwordstate Password Manager Breach: Free Questionnaire to Assess Supply Chain Risk

Assess your company’s exposure to the Passwordstate breach with these 8 essential questions for your vendors.
By:
Kristjan Hanson
,
Solutions Engineer
April 29, 2021
Share:
Blog passwordstate breach 0421

On April 24, 2021, Click Studios announced that a recent in-place upgrade of their Passwordstate password manager product had been comprised between April 20th and 22nd with invasive malware. The malware collected sensitive data, including passwords held in the Passwordstate system. Customers were informed to deploy a hotfix package and reset all passwords held in the system.

Assess Your Third-Party Exposure to the Passwordstate Breach

Since Passwordstate is widely used by 370,000 security and IT professionals in 29,000 organizations, Prevalent has curated an 8-question assessment that can be leveraged to rapidly identify any potential impacts to your business by determining which of your third parties was affected by the malware and whether or not they have an incident response plan in place to address any risks.

8 Critical Questions to Ask Your Vendors

The answers to these questions will help you determine what remediations or next steps will be required to mitigate the potential impact. 

Questions Potential Responses

1) Has the organization been impacted by the recent Click Studios Passwordstate malware attack?

(Please select one.)

a) Yes, we have been impacted by the recent Click Studios Passwordstate malware attack.

b) No, we have not been impacted by the recent Click Studios Passwordstate malware attack.

c) The organization is unsure if it has been impacted by the recent Click Studios Passwordstate malware attack.

2) Has the organization contacted Click Studios with a directory listing of c:\inetpub\passwordstate\bin output to a file called PasswordstateBin.txt and has this file been sent to Click Studios Technical Support?

(Please select one.)

Help Text: Where an organization has been impacted by the Passwordstate malware attack, it is strongly recommended that it contacts the solution provider to receive advisory support and recommended actions to resolve the incident.

a) Yes, the organization has contacted Click Studios, and provided the directory listing of the Passwordstate output, and a copy of the PasswordstateBin.txt file to the Click Studios Technical Support team.

b) No, the organization has not contacted Click Studios, and provided the directory listing of the Passwordstate output, and a copy of the PasswordstateBin.txt file to the Click Studios Technical Support team.

3) Has the organization obtained a copy of the Incident Management Advisories created by Click Studios, and made available on their website?

(Please select one.)

Help Text: Click Studios has provided advisory papers, which describe key steps an organization should take following confirmation of having been affected by the Passwordstate malware attack.

a) Yes, the organization has obtained a copy of the Incident Management Advisories and has followed the recommended actions provided.

b) No, the organization has not obtained a copy of the Incident Management Advisories, or followed the recommended actions provided.

4) Based on the advisories provided by Click Studios, and contact with the Technical Support team, has the organization implemented the following recommended actions?

(Please select all that apply.)

a) The organization has downloaded the advised hotfix file.

b) The organization has used PowerShell to confirm the checksum of the hotfix file matches the details supplied.

c) The Passwordstate Service and Internet Information Server was stopped.

d) The hotfix was extracted to the specified folder.

e) The organization restarted the Passwordstate Service, and Internet Information Server.

5) Has the organization conducted password resets to the following critical systems?

(Please select all that apply.)

a) All credentials for externally facing systems (Firewalls, VPN & external websites).

b) All credentials for internal infrastructure, (Switches, Storage Systems & Local Accounts).

c) All remaining credentials stored in Passwordstate.

6) Does the organization have an incident investigation and response plan in place?

(Please select all that apply.)

Help Text: Procedures for monitoring, detecting, analyzing and reporting of information security events and incidents should be in place, and enable an organization to develop a clear response strategy to handling identified incidents and events.

a) The organization has a documented incident management policy.

b) The incident management policy includes rules for reporting information security events and weaknesses.

c) An incident response plan is developed as part of incident investigation and recovery.

d) Incident response planning includes escalation procedures to internal parties, and communication procedures to clients.

7) Who is designated as the point of contact who can answer additional queries?

Name:

Title:

Email:

Phone:

8) What is the level of impact to client systems and data following this attack?

(Please select one.)

Help Text: Consideration should be given to level of impact on the availability and confidentiality to client information or systems.

Significant impact: The Passwordstate attack has caused client systems to stop working or become unavailable. There has been a loss of confidentiality or integrity of data.

High impact: Service availability to client systems has been periodically lost, and there is the potential for some systems to periodically stop. Some loss of confidentiality or integrity of data.

Low impact: No loss of confidentiality or integrity of data, and minimal or no disruption to service availability.

a) There has been no impact to client systems or data following this attack.

b) There has been a low impact to client systems or data following this attack.

c) There is a high level of impact to client systems or data following this attack.

d) There has been significant impact to client systems or data following this attack.

Free Guide: 8 Steps to a Third-Party Incident Response Plan

When one of your critical vendors is breached, being ready with a prescriptive incident response plan is essential to preventing your company from becoming the next victim.

Read Now
White paper incident response 0421

Prevalent Can Help Accelerate Third-Party Incident Response

Prevalent recently introduced the Third-Party Incident Response Service, a solution that helps to rapidly identify and mitigate the impact of supply chain breaches like the Passwordstate malware attack by providing a platform to centrally manage vendors, conduct targeted event-specific assessments, score identified risks, and access remediation guidance. Prevalent offers this solution as a managed service to enable your team to offload the collection of critical response data so they can focus on remediating risks instead.

Complementing the Incident Response Service is Prevalent’s continuous cyber and business breach monitoring that provides regular updates on breach disclosures, adverse news events, and cyber incidents such as malicious dark web activity about your vendors.

Together, these solutions help to automate breach impact discovery and accelerate response.

Take the Next Step

Use this questionnaire to determine the impact the Passwordstate malware attack could have on our supplier ecosystem. And, learn more by downloading a best practices white paper, try free business and financial monitoring for up to 20 of your vendors, or contact us for a demo!

Tags:
Headshot kristjan hanson
Kristjan Hanson
Solutions Engineer
After graduating from Carleton University Bachelor of Commerce program, Kristjan began as a Customer Success Manager with Prevalent in the fall of 2019. Kristjan worked with customers to help grow their third party risk management programs and was a strategic partner ensuring customer success. In late 2020 he joined the Solutions Engineering team, working with Prevalent Sales to build new connections in the market.
  • Ready to get started?
  • Schedule a personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo