In our last post, we discussed five of the top cyber security trends for 2020. Security analysts are predicting that phishing attacks will continue to increase, and that hackers will accelerate their use of AI-powered tools to automatically carry out attacks. Mobile devices will be targeted, as will data that’s stored in the public cloud without effective security controls. Analysts are also expecting an increase in “ripple effect” incidents in which multiple parties in a supply chain are attacked.
What if one of those parties is a managed services provider (MSP)? Given that MSPs have deep access into their customers’ systems and network, a successful attack on their software tools and systems could have a devastating effect.
Alarmingly, that’s exactly what’s happening.
On Oct. 3, 2018, the National Cybersecurity & Communications Integration Center (NCCIC) issued an alert about advanced persistent threats (APTs) targeting MSPs, managed security services providers (MSSPs) and cloud service providers (CSPs). An APT is a tactic in which an attacker, often a state-sponsored group, gains unauthorized access to a network with the goal of remaining there indefinitely. Over time, the attacker can quietly gather data and find vulnerabilities in systems.
Attacks on Managed Security Services Providers
According to the NCCIC, the attacks on MSPs have been going on since at least May 2016. The attackers are using stolen administrator credentials to gain full access to systems and install sophisticated malware. Because the access seems legitimate, traditional monitoring tools are unlikely to detect it.
It makes sense that hackers would try to infiltrate IT service providers. By infiltrating an MSP’s network, hackers could compromise the systems of a large number of companies in a wide range of industries.
And they have been able to do so. In July and August, ransomware attacks struck several Louisiana school districts and 23 Texas municipal governments. Authorities believe the attacks were carried out via an MSP. In all, researchers have identified 13 MSP-related ransomware attacks impacting multiple customers. One MSP paid the attackers more than $150,000 to recover customer data that was not protected by an offline backup.
Affected MSPs weren’t following best practices
So far, none of the attacks has been traced to vulnerabilities in the remote monitoring and management (RMM) software that MSPs use to access and administer their customers’ systems. It appears that the affected MSPs weren’t following best practices with regard to the credentials they use to log in to their RMM systems.
The NCCIC is advising organizations to not assign enterprise or domain administrator rights to MSPs, to restrict MSP account access and to ensure that the MSP follows the organization’s password policies. MSPs are being urged to review their credential management, authentication controls, network architecture and defense-in-depth posture, and to use two-factor authentication and advanced malware protection.
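As an added illustration (not code from the NCCIC alert or from GDS), the following Python sketch audits a directory export for MSP accounts that break two of the customer-side recommendations above: holding Domain or Enterprise Admin rights, including through nested groups, and carrying a password older than the organization's policy. The group names, account names, the MSP flag on each account and the 90-day limit are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from any real directory export).
# group -> direct members (users or nested groups)
GROUPS = {
    "Domain Admins": ["alice", "Tier0-Operators"],
    "Enterprise Admins": ["alice"],
    "Tier0-Operators": ["Vendor-Support"],
    "Vendor-Support": ["msp-svc-rmm"],
    "Helpdesk": ["msp-tech1", "bob"],
}
# account -> (is_msp_account, date password last set)
ACCOUNTS = {
    "alice": (False, date(2019, 11, 1)),
    "bob": (False, date(2019, 10, 15)),
    "msp-svc-rmm": (True, date(2018, 2, 1)),
    "msp-tech1": (True, date(2019, 12, 1)),
}
PRIVILEGED = ("Domain Admins", "Enterprise Admins")
MAX_PASSWORD_AGE_DAYS = 90  # assumed organizational policy

def effective_members(group, groups, seen=None):
    """Return all user accounts in a group, following nested groups."""
    seen = set() if seen is None else seen
    if group in seen:          # guard against circular nesting
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, []):
        if member in groups:   # member is itself a group: recurse
            users |= effective_members(member, groups, seen)
        else:
            users.add(member)
    return users

def audit_msp_accounts(groups, accounts, today):
    """Map each MSP account to a list of policy findings."""
    findings = {}
    for group in PRIVILEGED:
        for user in effective_members(group, groups):
            if accounts.get(user, (False, None))[0]:
                findings.setdefault(user, []).append(f"effective member of {group}")
    for user, (is_msp, pw_set) in accounts.items():
        if is_msp and (today - pw_set).days > MAX_PASSWORD_AGE_DAYS:
            findings.setdefault(user, []).append("password older than policy")
    return findings

if __name__ == "__main__":
    print(audit_msp_accounts(GROUPS, ACCOUNTS, date(2020, 1, 15)))
```

In the sample data the MSP service account never appears in Domain Admins directly; it inherits the right through two levels of nesting, which a check of direct membership alone would miss.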
GDS Customers Can Rest Easy
While this advice is sound, we at GDS believe that MSPs should not have to be told these things. They should be well aware of security best practices and follow them to the letter. Unfortunately, MSPs vary widely in their knowledge and capabilities.
GDS customers need not fear an attack via our systems. We use the same state-of-the-art security tools that we recommend to our customers, and follow strict policies and procedures governing access to our customers’ systems. Our team maintains top certifications from industry-leading security vendors, and has extensive real-world experience in preventing, detecting and mitigating cyberattacks.
With all the security threats on the horizon in 2020, you shouldn’t have to worry about your MSP. Contact GDS to discuss the steps we take to protect your systems.
Benefits of Managed Security Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology-related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help, simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors, get one easy-to-read bill from GDS.