MSPs are the Holy Grail for Cybercriminals! Are You Protected?

Cybersecurity, MSP
The Holy Grail basking in light

Indiana Jones fans will likely remember the line from the “Last Crusade,” where Dr. Henry Jones tells his son, “The search for the holy grail is not about archeology. It’s a race against evil!” Just as Indy and his father were trying to stop the bad guys from getting their hands on the literal holy grail, MSPs are similarly tasked with stopping cybercriminals from gaining access to another holy grail—the data they house for clients.

MSPs hold the keys to the kingdom when it comes to data access and, while a typical day won’t involve leaping from trains to protect it like the fictional professor, they still need to take action to keep themselves and their SMB customers safe.

What Tactics Are Cybercriminals Using Against MSPs?

There are several strategies cybercriminals use in an attempt to breach MSPs.

Island Hopping

“Island hopping” is a term for network-based attacks where cybercriminals infiltrate one network for the purpose of “hopping” onto an affiliate network. For example, if an MSP is breached, hackers can access partner or SMB customer accounts, “hop” over, and breach their systems. They can also jump from a partner or SMB customer over to you! SMBs in certain industries are particularly vulnerable to island hopping, including HR, marketing, finance, and healthcare.

APT Attacks

Cybercriminals often use advanced persistent threat (APT) attacks to force their way in. These attacks are executed with the intent to surveil your systems and steal data slowly over an extended period of time. For example, last October, the U.S. Department of Homeland Security (DHS) warned MSPs about cybercriminals hacking customers’ networks and advised to lock down systems and data against supply chain attacks.

Watering Holes

Similar to island hopping, cybercriminals target third-party websites frequented by your partners or customers to steal usernames and passwords. After they acquire credentials from one site, hackers test them across multiple sites to see if accounts match. This is known as a “watering hole” attack and, in some cases, your credentials can be sold or otherwise acquired on the Dark Web. Financial institutions and retailers are repeat targets of these attacks by those seeking their access to large banks and customer credit card data.

Phishing Attacks

Phishing attacks remain a top threat for MSPs. Both island hopping and watering hole attacks use phishing to access MSP and SMB data. What’s alarming is that many phishing sites now use SSL certificates and HTTPS to trick internet users into believing that the pages are secure. Sadly, this type of phishing attack is increasing, with the number of malicious sites growing by 220% in 2018 alone. 

Strategies for Protecting You and Your SMB Customers

Unfortunately, you can’t hire an ageless knight to protect your business from an attack, but you can follow these best practices to ensure that your data remains secure:

  • Practice cyber hygiene by keeping systems patched and up-to-date.
  • Always use two-factor authentication (2FA) when signing into any website, create 2FA security for systems, and teach customers to use 2FA.
  • Don’t auto-save passwords and remind customers not to save their passwords to their MSP’s site or system.
  • Perform regular cybersecurity auditing every six months.
  • Avoid tools that are easy to compromise, like remote desktop protocol (RDP).
  • Use cybersecurity solutions with AI/machine learning – there’s power in prediction!
  • Undertake regular security awareness training (SAT) and offer it to customers. Studies show that end users are 70% less likely to fall for a phishing attempt after 12 months of SAT.
  • Partner with trusted cybersecurity experts.
  • Stay informed about current threats and look for MSP-specific warnings and advisories.

If you’d like to learn more about how to prevent island hopping and other cyberattacks, join Webroot experts on September 12 at 2 p.m. EDT for our exclusive webinar: “Using Prediction to Get to Predictable.”

What’s next?

I encourage you to start a free Webroot trial to see for yourself how our solutions can help you prevent threats and maximize growth: Endpoint Protection | DNS Protection | Security Awareness Training.

 

Person using a mobile app on phone

Introducing the Kaseya Fusion Mobile App

The world of technology has witnessed some massive changes over the past decade with smartphones emerging as the most ubiquitousRead More

3D People standing around mobile phone

Empower Your Business with Powered Services

Selling complex solutions is hard. It’s even more difficult when your potential customers aren’t very familiar with the nuances andRead More

More Efficiency with Mobile Apps for MSPs

Boost MSP Technician Efficiency With Mobile IT Solutions

Most managed service providers have less than 10 employees. A key part of their workforce includes multi-functional technicians who cater to all theRead More

RMM and PSA integration

Faster MSP Growth With Smarter RMM and PSA Integration

The fact that most MSPs consider remote monitoring and management (RMM) as the application most important to them is of little surprise.Read More

Connect IT - You're Invited! - Join us at MGM Grand Las Vegas - May 4th - 7th, 2020
Get the 2019 Kaseya State of IT Operations Report - Download Now

Archives

Categories