In the battle to keep client data, endpoints, and infrastructure protected, service providers often find themselves facing a better armed and more tenacious enemy in today’s cybercriminals. While managed service providers (MSPs) often make do with the legacy solutions they’ve relied on for years, the crooks behind today’s threats are leveraging tremendous amounts of computing power and cutting-edge technologies like artificial intelligence to make their attacks more effective.
Attackers are automating parts of their attack chain. More than 350,000 new malware samples are reported by the AV-Test Institute every day, and the cybersecurity experts at the global network of Acronis Cyber Protection Operations Centers (CPOCs) have seen a tremendous uptick in the frequency of cyberattacks and sophistication of new malware strains during the past several months.
It’s more important than ever for the IT channel community to be aware of the latest cyberthreats, so I’d like to share three of the most pressing concerns the Acronis CPOCs have identified as we monitor the threat landscape for our MSP partners.
Hopefully these insights and the accompanying recommendations can help better prepare the channel and help you keep your clients protected.
1. Increases in targeted ransomware attacks
One of the biggest cyberthreats businesses have faced in recent years is targeted ransomware attacks. Now, we are seeing cybercriminals go after service providers in order to reach their clients. The cloud services provider Blackbaud was hit with a ransomware attack in May, for example, and that attack affected dozens of their non-profit, educational, and healthcare clients.
For cybercriminals, service providers are juicy targets because they multiply the reach of a successful attack. Instead of just one victim, a service provider represents multiple potential victims that can be blackmailed. That’s critical because ransomware attacks are no longer about just encrypting data. Today, the main goal is to steal valuable, proprietary data and convince the victim to pay to stop that data from being released publicly. The more victims one successful attack delivers to the cybercriminals means they have a greater likelihood of one or more of the victims paying, creating an even greater potential payday.
A weak or stolen password of an administrator at a service provider can be all that is needed to access the cloud console. It is therefore vital to have a proper identity and access control management implemented. Two-factor authentication should be the minimum standard across all accounts for any service provider.
2. Remote work vulnerabilities
With most employees working from home recently, we have also seen an increase in cyberattacks against exposed services such as RDP or VPN servers. With more than 100 vulnerabilities patched by Microsoft each month alone, there is no shortage of vulnerabilities for cybercriminals to exploit.
More relevant for service providers is the other side of this digital transformation – the move to the cloud. Many companies have moved to cloud applications, leading to many badly configured cloud services. Our CPOCs have seen an increase in misconfigured AWS S3 buckets, Elasticsearch databases, and collaboration apps – mistakes that can lead to data breaches and expensive fines under GDPR.
Of course, the move to the cloud also means less visibility for an end customer. Often, the available log files from the cloud are not ingested or there are no automated monitoring capabilities in place. Having visibility into what is going on with your data is vital to protecting it. Combine this lack of visibility with the lack of expert resources, and it’s no wonder many customers seek help from their MSP to provide SOC or MEDR monitoring.
3. Smart use of automation and integration
With waves of new cyberattacks crashing over service providers and their clients, automation will be a key capability in the future. Many of the steps needed to resolve issues will be handled by automated tasks – to the point where only the special cases would need human interaction.
The consolidation of solutions is also a clear trend for the future, as the benefits to service providers are undeniable. Consolidated solutions enable service providers to reduce the overall complexity of their management and protection, while making it easier for them to respond with integrated solutions from within one console.
The key is being careful when automating a business process. We have noticed an uptick in attackers who are trying to exploit errors in the process logic to their advantage. This can range from misusing automated password reset functions to get access to a customer’s portal, changing package deployment scripts to contain malware, or altering the bank account number for refunds to an account controlled by the criminals.
Never forget that the attackers are constantly researching their targets in detail to understand how they operate – and where opportunities to compromise systems and processes might exist.
Bottom line for MSPs
With the threat landscape constantly changing it is critical for MSPs to stay up-to-date on the latest cyberthreat trends. Having a better understanding of the current cybersecurity risks that threaten your clients and impact your own business will help you respond with both the right cyber protection strategies and solutions, minimizing the impact of any future cyberattack.
To get regular updates from the cybersecurity experts at Acronis’ global network of CPOCs, subscribe to the Acronis Blog to automatically receive their weekly video updates on the latest cyberthreats, Acronis Cyber Protection Operations Center News.
Author Candid Wüest is vice president of cyber protection research at Acronis. Read more guest blogs from Acronis here.
