As Crypto Scams Skyrocket, Pax8 Alerts MSPs to Risks


As Crypto Scams Skyrocket, Pax8 Alerts MSPs to Risks

By Matthew Vulpis

In the last few weeks, Pax8, a global cloud marketplace for MSPs and the SMBs and enterprises they serve, noticed an uptick in compromised Azure and AWS accounts used for crypto mining. Urging their MSP partners to pay attention, especially during the holiday season when cybercriminals are more prevalent, Pax8 sent an email to its 25,000 MSPs cautioning, “Don’t let your guard down and stay alert.”

The email continued, “We want to remind you of the security guidelines for securing identities and workloads to monitor Azure cost management spending. If you choose not to follow these security guidelines, you are making it easier for malicious actors to succeed and could be at risk for substantial unauthorized charges accumulated by these bad actors.”

Pax8 recommends several steps for MSPs to take, starting with setting up Multi-Factor Authentication (MFA) on Microsoft Accounts, which makes those accounts more resistant to phishing and channel jacking, and cited an article posted by Microsoft on how to enable MFA.

Pax8 also pointed out that Cost Management Alerts can be set up to monitor Azure usage and spending. Cost alerts are automatically generated based on when Azure resources are consumed, and alerts show all active cost management and billing alerts in one place.

“When your consumption reaches a given threshold, alerts are generated by Cost Management,” Pax8 said, referencing another Microsoft article on how to use cost alerts to monitor usage and spending.

Finally, Pax8 suggests MSPs study customer security best practices and recommends that their partners open a support ticket in the Pax8 platform for additional help and guidance.

These threats have been growing throughout 2022, and not just impacting Azure accounts, but AWS and Google accounts as well.

For example, Netskope Threat Labs found that attackers have been creating phishing pages in Google Sites and Microsoft Azure Web App to steal cryptocurrency wallets and accounts from Coinbase, MetaMask, Kraken, and Gemini.

The U.S. Federal Trade Commission warned earlier this year that “Crypto has several features that are attractive to scammers, which may help to explain why the reported losses in 2021 were nearly sixty times what they were in 2018. There’s no bank or other centralized authority to flag suspicious transactions and attempt to stop fraud before it happens. Crypto transfers can’t be reversed – once the money’s gone, there’s no getting it back. And most people are still unfamiliar with how crypto works. These considerations are not unique to crypto transactions, but they all play into the hands of scammers.”

Edited by Erik Linask

Content Contributor

Related Articles

GFI Software Named a Platinum Sponsor for MSP Expo 2023, Part of the #TECHSUPERSHOW

By: TMCnet News    1/31/2023

MSP Expo is the premier conference and networking summit for MSPs. This is where MSP business owners and technology specialists share strategies to gr…

Read More

Pioneering Technologist Klaus Dimmler Named Pax8 Chief Science Officer

By: Arti Loftus    1/30/2023

Pax8 announced a newly created position, Chief Science Officer (CSO) - as part of the company's mission to bring transformational cloud solutions to t…

Read More

Advanced MSPs Are Helping Law Firms Embrace Cloud

By: Reece Loftus    1/30/2023

This is the perfect time for law firms to embrace digital transformation and to take full advantage of automation for operational optimization.

Read More

Iron Bow Ramparts Cybersecurity Portfolio with GuardSight

By: Greg Tavarez    1/30/2023

Iron Bow is set to deliver holistic zero trust cybersecurity solutions with its acquisition of GuardSight.

Read More

Grain Expands Activity in Managed Services Sector with Spectrotel Acquisition

By: Greg Tavarez    1/27/2023

Grain acquired Spectrotel, a next-generation aggregator and integrated technology services provider.

Read More