MSSPs "high-value" targets for cyber attackers

Managed security service providers (MSSPs) are becoming high-value targets for cybercriminals, according to BlackBerry Cylance’s 2020 Threat Report.

Mid-2019 saw a new ransomware called ‘Sodinokibi’, ‘Sodin’ or ‘REvil’ compromise businesses and some US government agencies following “targeted phishing attacks” of their managed service providers (MSPs) and MSSPs.

Threat actors gained a foothold in target organisations via remote management tools such as Go2Assist or Ninja RMM and stole credentials using Passcape’s password recovery tool. They then accessed and disabled servers hosting security software and connected to domain controllers to exploit “existing software deployment tools to push ransomware to every machine in the environment”, the report said.

It called on MSPs and MSSPs to be particularly vigilant in 2020 and beyond as successful attackers can “easily pivot to the hundreds of other diverse and vulnerable targets in the environment”.

Cybercriminals are also targeting other software and technology firms, stealing intellectual property or establishing malware distribution platforms that can be used for supply chain attacks. Additionally, over a quarter of companies included in the report fell prey to ransomware attacks in 2019.

Ransomware is projected to continue being used against technology, healthcare, government and other organisations throughout 2020, particularly as ransomware-as-a-service increases in availability.

“Threat intelligence on [advanced persistent threat] APT groups can help organisations understand who is attacking their enterprise, and the actor’s mode of operations and motives, in order to be more proactive in protecting vulnerable systems against advanced threats,” said BlackBerry Cylance Chief Evangelist Brian Robison.

“In 2020, AI and machine learning will continue to prove critical for threat prevention and remediation strategies because of the advantage they offer through continuous learning and proactive threat modelling of attacks that continue to become more complex.”

The full report can be found via BlackBerry’s website.

Image credit: ©stock.adobe.com/au/suebsiri