The U.S. government has issued a warning following a spate of MSP cyberattacks by nation-state sponsored hackers.
Homeland Security Warns of Targeted MSP Cyberattacks
Managed service providers (MSPs), cloud service providers (CSPs), and managed security service providers (MSSPs) have been warned about an increase in malicious cyber activity and targeted attacks on IT service providers. Nation-state sponsored hackers are targeting IT service providers in an attempt to gain access to their networks, and ultimately, those of their clients.
It is not difficult to see why MSPs, CSPs, and MSSPs are such an attractive target. These IT service providers usually have administrator access to their clients’ networks or certainly elevated privileges that could allow an attacker to gain access to servers, security appliances, and databases of multiple clients.
The threat of attack is theoretical. There has been an increase in MSP cyberattacks in recent months, so much so that the U.S. Department of Homeland Security (DHS) has issued a warning to all IT service providers specifically due to an increase in attacks on IT service providers by Chinese government-backed hackers.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued cybersecurity guidance for IT service providers on steps that need to be taken to improve security, detect attacks quickly, and prevent threat actors from gaining access to their clients’ networks. Since companies that use IT service providers have also been warned of the risk of attack through their IT companies, MSPs, MSSPs and CSPs are likely to be contacted by clients wanting reassurances.
IT service providers should therefore be proactive and n ensure that CISA guidance is being followed to better protect themselves and their clients.
Feds Launch Campaign to Raise Awareness of Cyber Risks
CISA is not the only government agency to issue a warning in the past few days. The Trump administration has launched a new campaign to raise awareness of cyber risks in all industry sectors. The “Know the Risk, Raise your Shield campaign is being spearheaded by the National Counterintelligence and Security Center (NCSC) at the Office of the Director of National Intelligence. The campaign has been launched in response to increased cyberattacks from state sponsored hackers in Russia, China, Iran, and North Korea and independent hackers.
The aim of the campaign is to ensure that cybersecurity best practices are being followed to make it much harder for the attackers to succeed. The NCSC is aware that improved cybersecurity comes at a cost, but explains that investment in cybersecurity defenses is money very well spent and reminds businesses that an ounce of security equates to a pound of protection.
How Can Businesses and MSPs Improve Their Defenses?
With MSP cyberattacks on the increase it is essential that defenses are improved. While there are many ways that MSPs and businesses can be attacked, one of easiest ways is phishing. Phishing targets a weak link in security defenses: Employees. If a phishing email is delivered to an inbox and an employee responds, credentials will be obtained by the attacker that gives them a foothold to launch further attacks on other employees and MSP clients.
It is therefore important to improve awareness of the risks and train employees how to recognize email threats and how to react. It is also important to ensure that technical spam defenses are implemented to make sure phishing threats are blocked on the server and are not delivered to end users’ inboxes or local spam folders. SpamTitan is an ideal solution for MSPs to implement to block these phishing attacks on their employees and their clients.
SpamTitan is an easy to implement and easy to manage spam filtering solution that provides excellent protection against the full range of email threats. Email attachments are scanned using dual antivirus engines ensuring 100% of known malware threats are blocked. Suspicious attachments that pass the AV scans are sent to a Bitdefender-powered sandbox where they are subjected to an in-depth, sophisticated analysis to identify previously unknown malware threats and malicious scripts. The solution is automatically updated and is fed real-time threat intelligence gathered from an active database of 650 million users. SpamTitan also uses a defense-in-depth approach to protect against phishing threats, including machine learning predictive techniques to identify zero-day phishing threats. SpamTitan scans inbound and outbound emails and includes a data loss prevention feature to prevent attempts to use email accounts to send sensitive data outside the organization.
A web filter should also be implemented to prevent end users from visiting malicious websites where malware is downloaded and to block the web-based component of phishing attacks. A DNS-based web filter blocks attempts to access malicious sites during the DNS lookup process, with zero latency. TitanHQ has developed WebTitan to provide protection against web-based threats. WebTitan stops malicious requests at the DNS layer, which is better than waiting for the payload to be delivered onto the machine and then removed. By stopping it at the DNS layer you’re reducing not only malware infections, but containing machines already infected by preventing them from communicating out to their C&C servers.
Benefits of TitanHQ Cybersecurity Solutions for MSPs
- Easy client account administration via a central control panel
- One control panel to manage all clients
- Intuitive controls with low management overhead
- Eliminates the need for site visits, with no local support required
- No end user software installations needed
- Incorporate new clients in minutes
- Competitive usage-based pricing with monthly billing
- Three hosting options: Our servers, a private cloud, or within an MSP’s infrastructure
- Generous margins for MSPs
- Industry-leading technical support and customer service
- Solutions available in a white label version ready to take MSP logos
For further information on spam filtering and web filtering for businesses and MSPs, speak to the TitanHQ team today.
Other important steps to take to improve security include:
- Use of strong password policies
- Applying the principle of least privilege
- Ensuring network and host-based monitoring systems are implemented and logs are regularly checked for signs of malicious activity
- Performing regular vulnerability scans to identify security weaknesses before they are exploited.