zephyr_p - stock.adobe.com
MSPs and MSSPs being targeted by ransomware spreaders
BlackBerry Cylance report highlights the increasing targeting of managed service providers by those hoping to hijack them to reach users
Managed security service providers (MSSPs) and managed service providers (MSPs) are firmly in the sights of cyber criminals, who view the channel as an attack point to spread ransomware.
The BlackBerry Cylance 2020 threat report highlighted the vulnerable position that managed service providers find themselves in and called for more action to be taken to increase the defences in those businesses.
“Advanced persistent threat groups and other adversaries released updated malware and displayed innovative attack techniques throughout 2019. Their focus on improving encryption routines and concealing malicious payloads through steganography raised the bar for security researchers and threat detection solutions,” the report stated. “Threat actors were also able to widely distribute attacks by compromising managed security service providers and infiltrating their customers’ environments.”
One example the report charted was the way MSSPs are increasingly being targeted by criminals looking to get ransomware deployed at the user level.
“In most cases, the initial compromise occurred via targeted phishing attacks aimed at MSPs and MSSPs managing IT and security within the target organisation. The threat actors would leverage a foothold in the target organisation by using remote management tools like Go2Assist or NinjaRMM,” the report stated.
“MSPs and MSSPs are proving to be high-value targets for threat actors. Once attackers establish a foothold, they can easily pivot to the hundreds of other diverse and vulnerable targets in the environment. Making sure MSPs and MSSPs use effective cyber security tools will be critical for organisations in 2020.”
NinjaRMM stated that it has taken steps to securing its platform and last summer instituted an enforced MFA across its entire customer base and followed best practices around secure coding and securing its infrastructure. It added that it had undergone external assessments performed by third parties in both 2018 and 2019, and adhered to US Department of Defense data privacy guidelines, and as of this month was working with a top AICPA accredited audit firm on SOC 2 certification.
MSPs have already been alerted to the consequences of not taking their own security seriously, with those that fail to protect customers at risk of being blamed by customers.
Eric Cornelius, BlackBerry Cylance
WatchGuard shared findings last September around three MSP ransomware attacks that surfaced in the summer. In all of the cases, attackers had hijacked the managed service providers’ internal management tools to distribute Sodinokibi ransomware to their customers.
Added to that was earlier research from Datto, towards the end of 2018, which found that across Europe an increasing number of MSPs were reporting attacks on their customer base. In March last year, Webroot found that almost half of UK small and medium-sized enterprises (SMEs) feared that a cyber attack could put them out of business.
The latest piece of evidence from BlackBerry Cylance should jolt those managed service players that are yet to take steps to improve their security.
The overall findings from the report included warnings that automotive and retail industries should brace themselves for more threats to exploit the rise in connected vehicles.
There was also a sense that the criminals continue to develop more sophisticated attacks, with ransomware evolving and increased use of host-encrypted malware.
“New techniques to obscure malicious payloads and distribute attacks across multiple organisations paid off for threat actors in 2019,” said Eric Cornelius, chief technology officer at BlackBerry Cylance.
“With the increasing ease of access to attack toolkits, combined with the explosion of endpoints connected to organisations’ networks, the global threat landscape for emerging threats will only continue to escalate in 2020,” he added.