The Cyber Threat Landscape: What MSPs Need To Know
By Stephan Tallent, Fortinet
Given the current economic, political, and social situation, cybersecurity risk is an at all-time high. The pandemic and ensuing rise in remote work, the pending U.S. election, and the economic downturn have created a volatile and vulnerable business ecosystem that’s ripe for assault by cybercriminals.
MSPs have been at particular risk. In fact, the U.S. Secret Service recently issued a warning about increased cyber-attacks facing MSPs. Secret Service officials said they've been seeing threat actors hack MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy ransomware.
This is building on a trend. MSPs present a high-value target for bad actors who have discovered that, if they can compromise one MSP, they can potentially laterally attack the many customers that an MSP supports. When an MSP is vulnerable to a cyberattack, it increases the vulnerability of all the businesses they serve. This is especially dangerous when malicious actors can misuse an MSP’s open source and enterprise applications used to conduct remote administration on customers’ networks to launch attacks.
The FBI issued warnings last year about increased threats to IT service providers such as MSPs as they typically have unrestricted access to their customers’ networks. Depending on the services being provided, MSPs may also store customer data on their own infrastructure. Given the close operational role MSPs have with their customers, once an MSP is breached, that breach introduces major risk to all the organizations they serve.
What follows is an overview of what threat researchers are seeing now and what MSPs need to do to protect their own organizations and their customers.
Social Engineering And Beyond
Social engineering is on the rise and enjoying great success. With all the public information now available online about companies and individuals, it has never been easier for attackers to practice social engineering. Even during normal times, cybercriminals prey on vulnerabilities and panic so it is no surprise that the current pandemic has only underscored the value and effectiveness of this method for those criminals hoping to capitalize on the situation.
Bad actors are exploiting the fears, uncertainty, and doubt being generated by the pandemic. In fact, new research from the first half of 2020 from FortiGuard Labs finds that cybercriminals and nation-state actors have leveraged the pandemic at a dramatic scale, using it as an opportunity to launch cyberattacks around the world. Many of these attacks are being delivered via email, often as mass spam campaigns.
However, the same report now shows that web-based attacks have surpassed email as the primary attack vector for pandemic-related attacks. The report also shows that of the five most heavily targeted sectors for ransomware attacks, MSSPs were second behind telecommunications providers, but ahead of education, government, and technology organizations.
In addition, threat researchers have also seen that many of these attacks are very targeted, either to specific organizations or specific individuals. The objective is to exploit the new remote workforce by compromising their often-unprotected devices and home networks and then launching attacks through remote connections back to the office.
Such campaigns thrive as fear and misinformation abound and people drop their guard in their desire to better protect themselves and their families. On top of this, both web and email-based threats are exploiting this sense of urgency and panic surrounding the pandemic, often masquerading as government health organizations, nongovernmental organizations, or suppliers of medical equipment. Similar attacks target social movements as well as events surrounding the pending U.S. presidential election.
Best Practices To Address The Ever-Changing Threat Landscape
The irony is that while MSPs are worrying about their customers’ security, they sometimes overlook their own internal security posture. Data loss incidents – due to such things as data storage compromise, ransomware, or the interception of transactions, whether inside or outside of the network – can have devastating effects on MSPs and their customers. The National Cybersecurity Center of Excellence (NCCOE) has even put out a list of recommendations specifically aimed at this sector.
From a technical point of view, it's important to keep track of administrative accounts and passwords. Every employee should use multi-factor authentication and use a password manager so they can have unique passwords for their different accounts. Additionally, organizations need to invest in training and awareness programs for their employees, as they are truly the first line of defense for the organization. Likewise, explaining why rules exist can make a big difference. Employee behaviors change when they understand the risk they are creating for the organization and its customers every time they violate a rule.
At a bare minimum, there are four core pillars of essential cybersecurity that organizations need to look at:
- Require multifactor authentication, unique passwords, and unified access controls.
- Identify and track all authorized and unauthorized devices anywhere on your network.
- Monitor IOCs and patch vulnerabilities as soon as patches become available.
- Use a “least privilege” model so each employee, device, application, and workflow only has access to those network resources and applications they require to do their job.
These may seem like small fixes that couldn’t be of much benefit on a large scale – which is precisely why so many organizations neglect them. However, small actions can yield a huge reward and that is exactly what happens when organizations commit to and consistently practice basic cyber hygiene. MSPs also would do well to seek out solutions that address a broad spectrum of functions, including network security and Security Operations Centers (SOC.)
Commit To Change
Today, there are exponentially more applications being used, more attacks in use, and more opportunities for attackers to breach networks as digital innovation expands our potential attack surfaces. One of the many after-effects of the pandemic includes new and increased attacks, many of them focused on social engineering exploits that target fears regarding the virus. Such attacks are successful because humans are, well, human; we want to know what’s going on and be assured that we have the information and resources we need.
But MSPs can’t afford this kind of error. While their employees are just as susceptible as those at any other organization, the impact of an error could leave every one of their customers open to a data breach. That would be catastrophic to the MSP, as well as to their customers, and that’s why a robust cybersecurity strategy is critical to surviving in the long term. And as part of that process, it's perfectly fine to realize that to tackle the current crop of challenges, changes need to be made.
What is perhaps most surprising is that rather than having to buy a new security system or hire more security team members, many MSPs will probably improve their posture most by simply engaging in basic and known best practices such as multi-factor authentication, password control, and cybersecurity awareness training for employees. Attending to the four fundamental pillars outlined above will help MSPs move forward with a stronger defense against the growing volume of attacks aimed specifically at them.
About The Author
As security services strategist and senior director of MSSP & Service Enablement at Fortinet, Stephan Tallent, CISSP formulates security strategy with more than 18 years of cybersecurity and managed services experience. His goal is to make a positive impact towards filling the cybersecurity skills gap. As a managed security services expert, Tallent provides thought leadership to the managed services industry and has presented on strategy worldwide at premier security conferences.