MSSPs "high-value" targets for cyber attackers


Monday, 02 March, 2020

MSSPs "high-value" targets for cyber attackers

Managed security service providers (MSSPs) are becoming high-value targets for cybercriminals, according to BlackBerry Cylance’s 2020 Threat Report.

Mid-2019 saw a new ransomware called ‘Sodinokibi’, ‘Sodin’ or ‘REvil’ compromise businesses and some US government agencies following “targeted phishing attacks” of their managed service providers (MSPs) and MSSPs.

Threat actors gained a foothold in target organisations via remote management tools such as Go2Assist or Ninja RMM and stole credentials using Passcape’s password recovery tool. They then accessed and disabled servers hosting security software and connected to domain controllers to exploit “existing software deployment tools to push ransomware to every machine in the environment”, the report said.

It called on MSPs and MSSPs to be particularly vigilant in 2020 and beyond as successful attackers can “easily pivot to the hundreds of other diverse and vulnerable targets in the environment”.

Cybercriminals are also targeting other software and technology firms, stealing intellectual property or establishing malware distribution platforms that can be used for supply chain attacks. Additionally, over a quarter of companies included in the report fell prey to ransomware attacks in 2019.

Ransomware is projected to continue being used against technology, healthcare, government and other organisations throughout 2020, particularly as ransomware-as-a-service increases in availability.

“Threat intelligence on [advanced persistent threat] APT groups can help organisations understand who is attacking their enterprise, and the actor’s mode of operations and motives, in order to be more proactive in protecting vulnerable systems against advanced threats,” said BlackBerry Cylance Chief Evangelist Brian Robison.

“In 2020, AI and machine learning will continue to prove critical for threat prevention and remediation strategies because of the advantage they offer through continuous learning and proactive threat modelling of attacks that continue to become more complex.”

The full report can be found via BlackBerry’s website.

Image credit: ©stock.adobe.com/au/suebsiri

Related News

DigiCert acquires Valimail to boost email security

DigiCert has acquired DMARC provider Valimail in a bid to enhance its email authentication...

Akamai adds secure browser to ZTNA portfolio

Akamai has partnered with Seraphic to incorporate secure enterprise browser capabilities into its...

Rubrik announces CrowdStrike Falcon integration

Rubrik has announced the integration of its Rubrik Identity Resilience solution with the...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd