Cybercriminals will exploit any vulnerability that gives them entry into an IT network. If they cannot infiltrate an organization directly, they will find a backdoor in its supply chain.
For businesses in the tech industry, this backdoor is often their managed service provider (MSP). MSPs work with multiple clients, holding massive amounts of information and data. Gaining access to their systems means a high chance of obtaining access to thousands of business systems.
Clients of MSPs typically rely on them to bring a full stack of IT services – including security. If MSP cybersecurity threats become a reality, the effects could impact their entire client roster – leading to financial loss, legal consequences, and serious reputational damage.
Here are the top five categories of MSP cybersecurity threats and digital risks that businesses need to be aware of as we head through 2022 – and how MSPs can protect themselves and their clients.
Ransomware evolves with the times. What started as petty crime has become a major problem for businesses everywhere. Previously, ransomware attackers had to jerry-rig their own payment collection methods or employ retail shopping cards, prepaid cash cards, and even cash payments sent to PO boxes across the country. The effort versus reward kept ransomware attacks from spreading out of control.
Recently, ransomware threats have become more frequent and more lucrative, spurred by the growth of cryptocurrencies.
This new payment method is virtually untraceable and very attractive to criminals as it allows ransomware attackers to wield the swiftness and anonymity of crypto-transactions. This development has made life much harder for MSPs: 73% of companies identify ransomware as the top threat method used to infiltrate their systems.
ConnectWise’s 2021 MSP Threat Report revealed that 60% of MSP client incidents were related to ransomware.
The report also predicts that attackers will continue exploiting the lack of visibility or understanding across the multiple cloud-based solutions and programs that MSPs use. Threat actors will be “banking on the fact that [the cloud] is a source of poor visibility for us,” said one MSP. It is likely they will continue to focus on cloud-based attacks against MSPs going forward.
Ransomware threats have become more focused as well, due to a technique called Big Game Hunting (BGH). This is a targeted, complex, low-volume, high-return cyberattack through ransomware. Once attackers gain entry, they make lateral movements across the network to observe it before exfiltrating files and deploying the ransomware.
For MSPs, BGH attacks are extremely damaging. Part of this is due to the patience that big game hunters display when performing this attack method. It typically takes a considerable amount of time for an attacker to understand, steal from, and infect the compromised network. But once they do, they can single out the ‘big shots’ within the MSPs’ systems and exploit them without anyone being the wiser.
By the time the MSP and their clients realize what has happened, a huge amount of data will have been damaged or stolen, and the provider’s reputation will have suffered.
Other types of ransomware threats that will most likely be common in the near future include:
Social engineering refers to a broad range of malicious activities carried out through human interaction. Psychological manipulation is often used to trick users into breaching security protocols and giving away sensitive or personal data.
The perpetrator first investigates the intended victim to gather necessary background information such as potential points of entry and weak security protocols.
The attacker then moves to gain the victim’s trust and bait them for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.
98% of cyberattacks rely on social engineering, that is, on the rapport and connection that is established as the attack progresses. Moreover, social engineering exploits are effective about 80% of the time.
That’s how convincing social engineers are – and there is no indication of that changing anytime soon.
MSPs need to educate everyone in the organization, as well as their customers, on how these MSP cybersecurity threats start, how to identify them, and how to deal with them appropriately. Online cybersecurity courses, awareness training, and seminars will go a long way in keeping teams up to date about social engineering exploits and tactics.
Some social engineering forms and examples are as follows:
A Distributed Denial of Service (DDoS) attack, also known as a Distributed Network Attack, is a cybersecurity threat that leverages the limits of network infrastructures. Cybersecurity provider Kaspersky summarizes a DDoS attack as follows:
“The [attacker] will send multiple requests to the attacked web resource – with the aim of exceeding the website’s capacity to handle multiple requests and prevent the website from functioning correctly.”
Microsoft reports they’ve mitigated an average of 1,392 DDoS attacks per day (as of May 2021), and more than 251,944 unique attacks in total during the first half of 2021.
Hackers tend to launch coordinated DDoS attacks in cloud computing with multiple devices that have already been compromised, either through hacking or malware. This allows every machine involved to perform criminal activity without the owner’s knowledge.
Examples of these MSP cybersecurity threats are the Equifax hack in 2017 and the TaskRabbit app attack the year after. Even tech giant Amazon declared that its AWS Shield service successfully mitigated such an attack in February 2020 – a 2.3 Tbps DDoS attack – the largest by far.
DDoS-for-hire services have also surged in number, due in part to the pandemic and the shelter-in-place setup, and every business should be on the lookout for this new wave of attacks.
In recent years, remote work has also seen an unprecedented rise. During the pandemic, businesses had no choice but to rely on digital services and online communication tools to keep connected, whether for work or for personal reasons.
Work-from-home vulnerabilities have arisen due to the remote work setup. CISO’s Benchmark Report revealed that businesses have been struggling to manage phones and other mobile devices that remote workers use.
Personal devices are being used to access workspace tools like Slack, Zoom, and Teams. Work devices, on the other hand, are being used to send memes to colleagues, share posts on social media, and for other personal purposes. This crossover introduces new remote work threats, as it expands the risk surface of an organization and puts sensitive information in jeopardy. In fact, the report further reveals that 52% of businesses find mobile devices to be a major cybersecurity challenge.
It’s not only the technological element of the business that should be closely monitored. Studies have found that:
As admirable as it is, putting in extra hours constantly may affect the quality of an employee’s work and induce remote work risks. Worst case scenario, it may cause them to unintentionally divulge sensitive information and jeopardize the security of the business.
Security services provider Kaspersky revealed that Internet of Things (IoT) cyberattacks more than doubled in the first half of 2021 compared to the previous year.
From 639 million attacks in Q1 of 2020, some 1.51 billion IoT breaches have been reported just within January to June 2021.
A majority of these (58%) utilized the telnet protocol. The intent of these MSP cybersecurity threats ranges from crypto mining to DDoS to data theft.
The most glaring of these IoT threats and vulnerabilities include:
Furthermore, according to the report:
An MSP needs to have the drive to improve their overall network security. Aside from educating employees on social engineering exploits and other MSP cybersecurity threats, as well as keeping software and firmware patched and updated, here are some other steps to achieve a more secure system.
An ongoing, cloud-based, automated backup solution is one of the best ways to guarantee data safety and security.
Ensure complete backups of emails, attachments, tasks and calendars are in a separate, secure system. Many solutions exist in the market, but it’s often difficult to find the right fit. Fortunately, Dropsuite provides these services with the following benefits:
Technology constantly evolves, and as long as bad actors exist, digital threats will evolve as well.
These five MSP cybersecurity threats may not be the only ones that MSPs like yours will face going forward. It’s up to businesses to counter this evolution by being proactive with protecting their data and preparing for the worst-case scenario as best they can.
Dropsuite allows you to effortlessly and securely back up, restore, and migrate all business-critical data. This is a great first step in preparing for whatever digital tempest comes your way.
To discover more about Dropsuite’s automated backup solution and capabilities, contact us here for a demo.