MSPs Beware: Cybercriminals Are After You
Cybercriminals are realizing that the richest pickings come when they can piggyback on other companies and use their software and services to infiltrate multiple other sites. The SolarWinds and Kaseya hacks were examples of supply chain hacks whereby the bad guys infected software that was then passed on to many other enterprises.
Think about it from the criminal perspective. Why go to great lengths to phish and scam the systems of consumers, home users, or regular organization employees when you can gain more ground with one targeted attack? Accordingly, they are going after areas of the highest potential return. That’s why MSPs are now in the spotlight.
Online Criminal Ads in Chat Rooms
A recent report from Huntress showcased how hackers are advertising in criminal online forums, primarily in Russian. One ad said:
“Looking for a Partner for MSP processing. I have access to the MSP panel of 50+ companies. Over 100 ESXi, 1000+ servers. All companies are American and approximately in the same time zone.”
What is emerging is a raft of initial access brokers (IABs) – criminal groups that attempt to sell access to MSP clients and corporate networks. This is all part of the evolving cybercriminal supply chain. Rather than carrying out extortion and ransomware themselves, IABs do the initial donkey work of gaining a foothold inside prized networks. By relying on IABs, other criminal hacking groups can use the access rights provided to launch more sophisticated attacks that lock down entire systems. They are happy to pay a finder’s fee to IABs. Unfortunately, there are plenty of potential buyers.
On the IAB side, they gain money without too much risk. The major gangs are the ones directly extorting millions. They are more likely to fall afoul of the FBI and other agencies. IABs are probably regarded as small fry – akin to small-time street hustlers selling a relatively small amount of illegal drugs. The authorities are more interested in their suppliers and the criminal kingpins behind them.
IABs just focus on one skill: the art of gaining entry into secure networks by whatever means necessary. They look for outdated software, misconfigurations, and unpatched systems that they can exploit. They seek to lure gullible users into clicking on malicious links or attachments. They know how to use brute force techniques to crack the passwords of desirable users. Thus, the passwords of MSPs have now graduated into the highly prized category.
Imagine the embarrassment and the fallout if an MSP found itself responsible for infecting all its users due to malware hidden in its software or due to one of its email accounts being hacked. That’s why MSPs need to up their security game – and fast.
Security Starts at Home
MSPs are laser-focused on delivering services to their clients. In security, for example, they are keen to sell vital services to customers to help them secure their networks.
However, in light of recent events and the rise of IABs, MSPs are urged to begin with a thorough assessment of their own systems. The last thing an MSP needs is to find malware lurking in its own network. This could be catastrophic to customers.
Before offering Syxsense Enterprise to customers, therefore, it is strongly recommended that it be implemented internally. It takes care of vulnerability scanning, patch management, mobile device management, and IT management, and includes automatic remediation features. This enables the MSP to achieve a clean bill of health.
From that strong foundation, the MSP can reach out to its clientele to offer them the best unified endpoint security and management (USEM) suite on the market.
Set a great example internally for your customer base. Encourage them to implement Syxsense Enterprise today.