Managed service providers are increasingly in the crosshairs of cybercriminals eager to use them as a gateway into their customers’ networks.
The latest example is a series of highly publicized attacks by the Chinese cyberespionage group APT10, which successfully compromised several businesses by utilizing malware to hack their MSPs. These schemes have been going on for some time, according to Jason McNew, founder and CEO of Stronghold Cyber Security LLC, a Gettysburg, Pa.-based firm that specializes in cybersecurity risk management.
The majority of perpetrators launch their attacks from Eastern Asia. “At the direction of the Chinese government, they are increasing reconnaissance of smaller businesses,” explains McNew. “They know the key to getting into many of their networks is through their MSPs.”
It’s only logical that cybercriminals would target IT providers, considering that those providers enjoy network privileges with multiple business clients, notes Mike Bloomfield, president of Tekie Geek LLC, a managed service provider based in Staten Island, N.Y. “They don’t need to work hard when they can infiltrate a single entity to gain access to hundreds of other systems,” he says.
The consequences could be serious—if not fatal—for MSPs whose customers suffer data breaches due to their own security failures. “If you came to work and found that all of your customers had been breached—through your firm—you would probably go out of business,” observes Mike Puglia, chief product officer for Kaseya Ltd., a global provider of IT management and security software with headquarters in Miami and New York City.
Experts advise MSPs to adopt technologies like two-factor authentication and look closely at their operational practices. That includes reviewing procedures for onboarding and discharging technicians, assessing data storage locations and system access rights, and evaluating employee security policies. Bad practices, such as technicians sharing logins, should be eliminated.
“You’ll find that your operation may not be running exactly as you thought, which creates low-hanging fruit for hackers,” Puglia says.
McNew also suggests MSPs develop their own comprehensive cybersecurity programs. The National Institute of Standards and Technology and other IT security-focused organizations provide effective frameworks for those plans. “Find one you like and develop a program that fits your organization,” suggests McNew.
He also advises MSPs to implement Internet Protocol version 6 (IPv6). “It has such a low level of adoption that current malware strains are not written to deal with it,” McNew says. “They’re all written for the IPv4 stack.”
Finally, it helps to remember that for all the complexities involved with IT security, it really doesn’t take much to deter the average cybercriminal. “They’re no different from the burglar who rings your doorbell first to make sure that you aren’t home,” Bloomfield notes. “They’re looking for that ‘easy score’ and don’t want to deal with any headaches.”