Cyber Attacks Targeting IT Service Providers



By Greg Tavarez

There is no simple fix for any aspect of ransomware. That said, there are signs of progress. For instance, in Q1 2019, 85% of cases handled by Coveware ended with the cybercriminal receiving a ransom payment. In Q1 2022, that number dropped to 46%.

The drop in ransom payments came despite the war in Ukraine being a catalyst for cybercriminals and ransomware gang Conti publicly announcing its allegiance to the Russian administration.

The targets are also changing. Trellix research shows that companies providing IT, finance and other types of consulting and contract services were targeted by bad actors more often. That makes sense, since a single service provider breach can potentially disrupt or provide access to multiple businesses with a single attack. The reward for cybercriminals is high.

Businesses accounted for almost two-thirds of U.S. ransomware detections. Business services were also the second most targeted sector behind telecom, 53%, across global ransomware, malware, and nation-state backed attacks in Q1 2022.

When it comes to the healthcare industry, Trellix specifically notes a risk from easier access points, because medical devices and software are falling short in fundamental security practices and are rife with remote code execution (RCE) vulnerabilities. Medical devices and software are a weak point for attackers to exploit, and internal and external security testing by developers and researchers needs to be encouraged more often.

Email is another common attack vector. Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents. The documents contained macros that work as downloaders or exploits that result in the attacker gaining control of the victim system. In addition, many emails included malicious executables, such as infostealers or trojans, as attachments.

“Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back,” said Christiaan Beek, lead scientist and senior principal engineer, Trellix. “Global threat actors have novel cyber artillery ready to deploy in case of escalation, and organizations need to remain vigilant.”

Edited by Erik Linask

MSPToday Editor
