Cyber Attacks Targeting IT Service Providers



By Greg Tavarez

No simple solution exists for fixing any aspect of ransomware. That said, there is progress. For instance, in Q1 2019, 85% of cases handled by Coveware ended with the cybercriminal receiving a ransom payment. In Q1 2022, that number dropped to 46%.

The drop in ransom payments came despite the war in Ukraine being a catalyst for cybercriminals and ransomware gang Conti publicly announcing its allegiance to the Russian administration.

The targets are also changing. Trellix research shows that companies providing IT, finance and other types of consulting and contract services were targeted by bad actors more often. That makes sense, since a single service provider breach can potentially disrupt or provide access to multiple businesses with a single attack. The reward for cybercriminals is high.

Businesses accounted for almost two-thirds of U.S. ransomware detections. Business services were also the second most targeted sector behind telecom, 53%, across global ransomware, malware, and nation-state backed attacks in Q1 2022.

When it comes to the healthcare industry, Trellix specifically notes a risk from easier access points: medical devices and software are falling short in fundamental security practices and are rife with RCE vulnerabilities. Medical devices and software are a weak point for attackers to exploit, and internal and external security testing across developers and researchers needs to be encouraged more often.

Email is another common attack vector. Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents. The documents contained macros that work as downloaders or exploits that result in the attacker gaining control of the victim system. In addition, many emails include attached malicious executables such as infostealers or trojans.

“Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back,” said Christiaan Beek, lead scientist and senior principal engineer, Trellix. “Global threat actors have novel cyber artillery ready to deploy in case of escalation, and organizations need to remain vigilant.”

Edited by Erik Linask

MSPToday Editor
