MSP Security: Protecting Your Customers Starts by Protecting Yourself

MSP Security: Protecting Your Customers Starts by Protecting Yourself

By Bill Yates

If you’re running a Managed Services Provider (MSP), you’re on the front lines of the war against security intrusions. Cybercrooks want to infect your system, because they want access to your customers. Scary thing is, they don’t even have to access your hardware to perform their dastardly deeds.

At the MSP Cybersecurity Theater on the Expo Floor of the ITEXPO held in Fort Lauderdale, FL, Marc Laliberte, senior security analyst at WatchGuard, outlined the major security threats MSPs face today. Technologies. He began at the company in tech support about seven years ago. Of course, he’s a hacker.

Thieves using stolen credentials and exploiting vulnerabilities in managed tools. Once they’re in, they’re running malicious code on PowerShell scripts that negate the need to infect the hard drive.

And now they’ve turned to MSPs to target their clients. “Crooks have learned that if they spend a little more time, they get more return on their investment,” Laliberte says.

Excluding poor password management, the top four security threats to your network:

  1. Ransomware
  2. Fileless malware
  3. Account takeover
  4. Spear phishing

Ransomware: You’re Fired!

A great way to get fired is to let your system get held for ransom. Last year, ransomware crooks turned their attention to MSPs. Their goal is to compromise all the MSP’s customers before you know they’re there.

Cyberthieves also are targeting healthcare companies, industrial control suppliers and local and state governments. “They’re going after specific verticals that can’t have any downtime at all,” Laliberte says. He says next on their list could be cloud storage companies.

In targeting MSPs, cybercrooks have added anti-malware evasions. They’re targeting backups so you’ll have no recourse, and they’re killing security processes along the way. All with the goal of going downstream and hitting your clients.

Fileless malware:

With file-based malware, eliminating the file often removed the threat. Now, many attacks begin with a short file that initiates a PowerShell script that holds the malicious payload. “Once it starts, it doesn’t matter if you wipe your hard drive clean,” he says.

Fileless malware never touches your hard drive or storage. Last year, PowerShell-based attacks were up 460%, Laliberte says. “It’s legitimate Windows tools turned against you,” he says.

To fight fileless intrusion, you need an intrusion protection system. Advanced malware detection, such as EDR software, also helps, Laliberte says.

Account takeover:

Account takeovers usually begin with a password breach. One tactic is password spraying, a brute-force method that applies the top 1,000 passwords to the attempt to break and enter.

Laliberte cites the top two threats to your network as the lack of multi-factor passwords and the reuse of passwords by lazy employees.

Multi-factor authentication helps prevent account takeovers. Laliberte also recommends offering phishing awareness training to your staff, as well as using advanced malware protection software.

Spear Phishing:

“Most attacks the days start with a phish,” Laliberte says. Multi-factor authentication can help fight the phish.  He estimates that up to 95% of attacks begin with a successful phishing campaign.

“Phishing is the leading cause when it comes to account takeovers,” he says. Poor email decisions are usually the cause. He recommends educating users and staff on elements of an email that give it away as a phish.

“Generally, there’s some sort of tell if it’s a phish or a spoof,” he says.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Communications Correspondent

SHARE THIS ARTICLE
Related Articles

LogMeIn Rescue, to the Rescue: Forrester Studies GoTo's Support Capabilities

By: Alex Passett    9/22/2023

Over a period of three years, a Forrester Total Economic Impact (TEI) study examined the business and financial benefits of LogMeIn Rescue, a flagship…

Read More

Canadian Managed IT Services Gear Up for Cybersecurity Awareness Month

By: Contributing Writer    9/22/2023

October, prominently known as Cybersecurity Awareness Month, is an annual observance and an intensified rally for Canada's premier IT service provider…

Read More

ITEXPO Exhibitor RingLogix Looks to TeamMate to Open New Possibilities for MSPs

By: Greg Tavarez    9/21/2023

The RingLogix and TeamMate collaboration enables MSPs to get the most out of Microsoft Teams as a collaboration solution.

Read More

Acronis Introduces Advanced Automation for MSPs

By: Stefania Viscusi    9/21/2023

Acronis Advanced Automation addresses a common challenge faced by MSPs, the increasing complexities businesses face with so many different initiatives…

Read More

Comprehensive Cybersecurity Solutions: Rackspace Taps Palo Alto Networks

By: Alex Passett    9/20/2023

Strengthening organizations' abilities to stay ahead of progressively evolving cyber threats and attackers is key. That's why Rackspace Technology has…

Read More