Five Security “Gotchas” for MSPs

Managed service providers (MSPs) serve a broad range of markets, from construction to healthcare; accounting to legal; staffing firms to manufacturing; media and advertising to technology. Even across these diverse verticals, the day-to-day MSP challenges remain the same with regard to cybersecurity. After all, an MSP managing 76 different companies with over 2,000 endpoints is a very valuable target for a hacker.

Cyber-criminals are skilled at finding the weakest cybersecurity link, so they often target end-users, whose trust can be easily exploited, to infiltrate these networks. They use phishing, watering hole and other social engineering tactics to trick end-users.

The increase in global internet security threats means businesses now have to allocate a significant portion of their budget to protecting their users, monetary assets, data and intellectual property. Here are some of the most important security issues that MSPs need to consider stopping.

Polymorphic malware 
For several years, one of the important trends in malware and Potentially Unwanted Application (PUA) executables has been polymorphism. The latest version of our Annual Threat Trend Report discovered that 94% of the malware and PUA executables observed were only seen once, highlighting the prevalence of polymorphism. 

Polymorphic malware and PUAs, such as spyware and adware, are generated by attackers in ways that make each instance unique. This is designed to evade traditional security measures, which work off a blacklist of known malicious executables that have been delivered to a large number of people.

Phishing
Phishing attacks have grown at an unprecedented rate in 2017, with 1.385 million new, unique phishing sites created each month, an average of more than 46,000 new phishing sites created per day. The sheer volume of new sites makes phishing attacks difficult to defend against. 

Today, phishing attacks are highly targeted, sophisticated, hard to detect and difficult for users to avoid. The latest phishing sites employ realistic web pages that are almost impossible to find using web crawlers, and they trick victims into providing personal and business information.

Unsecured RDP Connections
Cyber-criminals continue to use unsecured Remote Desktop Protocol (RDP) connections to infect victims. RDP has proven its value over the years as an easy and convenient way to control servers and other machines remotely, but not without risks.

Unfortunately, the default setup of Microsoft's built-in RDP implementation leaves port 3389/TCP open and the admin account named “administrator”. Also, default configurations allow a very large number of login attempts before any alert or account lockout is triggered.

Even if users feel their password is secure enough, cyber-criminals will use brute force programs to eventually bust their way in. Once a skilled hacker has remote access to a victim’s desktop, it’s pretty much game over from a protection standpoint. Using specialized tools or custom malware, the attacker will be able to get past any security solution or just disable it entirely.

This shows that securing your environment cannot be left entirely to the vendor. Make sure you encrypt your connections and create policies that enforce a maximum number of login attempts.
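As an added example (not part of the original article), the following PowerShell audit checks the RDP settings discussed above on a Windows host: whether RDP is enabled and on which port, whether Network Level Authentication and TLS are required, what the account lockout threshold is, and which source addresses have generated failed RDP logons. Registry paths, value names and event IDs are the standard Windows ones; run it in an elevated session.

```powershell
# Added example: audit the RDP weaknesses the article describes (open 3389,
# no lockout, unencrypted/unauthenticated transport) and surface brute-force noise.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means RDP is disabled; PortNumber defaults to 3389.
$rdpEnabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
$port       = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# UserAuthentication = 1 requires Network Level Authentication, so a client must
# authenticate before a desktop session exists; SecurityLayer 2 = TLS required;
# MinEncryptionLevel 3 = High encryption.
$nla      = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
$secLayer = (Get-ItemProperty -Path $tcp -Name SecurityLayer).SecurityLayer
$encLevel = (Get-ItemProperty -Path $tcp -Name MinEncryptionLevel).MinEncryptionLevel

# Account lockout threshold; "Never" is the weak default the article warns about.
$lockoutText = (net accounts | Select-String 'Lockout threshold') -replace '\D', ''

[pscustomobject]@{
    RdpEnabled       = $rdpEnabled
    Port             = $port
    NlaRequired      = $nla
    TlsRequired      = ($secLayer -eq 2)
    HighEncryption   = ($encLevel -ge 3)
    LockoutThreshold = $(if ($lockoutText) { [int]$lockoutText } else { 'Never' })
} | Format-List

# Failed logons (Security event 4625) with LogonType 10 (RemoteInteractive = RDP)
# in the last 24 hours, grouped by source IP. Many failures from one address is
# the brute-force pattern described above and should raise an alert.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) } |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            LogonType = ($data | Where-Object { $_.Name -eq 'LogonType' }).'#text'
            SourceIp  = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
        }
    } |
    Where-Object { $_.LogonType -eq '10' } |
    Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Remediation matching the article's advice (lockout policy, encrypted and
# authenticated connections); uncomment to apply:
# net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
# Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1
# Set-ItemProperty -Path $tcp -Name SecurityLayer -Value 2
```

In a domain, the lockout values shown by `net accounts` come from Group Policy, so apply the remediation there rather than per host.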

DDoS attacks
The idea of controlling multiple, high-bandwidth devices for launching DDoS attacks has always tempted cyber-criminals. As such, it’s no surprise DDoS attacks continue to surge as cyber-criminals leverage them to take down the entire network of an organization.

The emergence of IoT technologies has only made this a more lucrative option. Recently, the industry saw how the JenX botnet leveraged the Grand Theft Auto videogame community with the prime goal of infecting IoT devices. This particular botnet used the same techniques and code as the 2016 Mirai botnet.

Although the attack in question was unsuccessful, it does raise concerns within the wider industry that we can expect to see more IoT devices that are part of a botnet distributing malware or launching DDoS attacks.

Crypto-jacking 
According to our data, crypto-jacking is gaining traction and could turn out to be even more profitable and anonymous, as it requires less effort than other attacks. Instead of stealing a victim’s files and ransoming them for money, the cyber-criminals steal the victim’s CPU power to mine cryptocurrency. Since there’s no malware payload, the user often remains blissfully unaware they are being targeted.

Time to take action
With the ever-increasing number of modern blended attacks and connected technologies such as the “Internet of Everything”, managing security cannot be accomplished by solely purchasing equipment or security services. Instead, MSPs need to take a fundamentally different approach to endpoint security.

For an MSP, time is money. If even one technician spends an entire day remediating a customer’s malware infection, that entails a significant loss to an MSP’s business. The MSP market is rapidly expanding, and growing ever more competitive.

The ability to cost-effectively keep client IT environments protected and productive will play a significant role in determining how effectively MSPs can build, solidify and broaden their client base in the future. 

To maintain success and grow profits, today’s MSPs need automation and simple, low-maintenance management that can protect against the five security “gotchas.”
