MSPs – and Their Access to Customer Networks – Are the Holy Grail to Cyber Criminals
MSPs are trusted partners who have complete administrative control over their customers’ networks. Within the context of the relationship, this trust works. But what happens if a cyber attack on the MSP takes place, and elevated credentials are compromised? In concept, because of the potential for admin access to customer networks, MSPs can be seen by cybercriminals as the “Holy Grail.”
If you’re an MSP and your own cyber security posture isn’t up to par, you could be putting your own network, and the networks of all your customers, in danger of ransomware attacks, data breaches or fraud.
In Carbon Black’s 2019 Global Threat Report, two really critical stats came to light:
- 60% of all attacks involve lateral movement – to laterally move from machine to machine, the bad guy needs one or more internal credentials. So, that means, eventually, the bad guys can look just like the good guys.
- 50% of all attacks involve island hopping – which is the act of compromising company A to jump over and make a victim of company B. Island hopping involves either using compromised trusted credentials that provide access to company B’s network or using company A’s email to send malicious emails to company B in order to gain access or commit fraud.
Put these two notions together and you can easily see how an MSP environment, if not properly secured, can be leveraged to gain access to multiple customers’ networks and money.
Here are a few possible scenarios where criminals might use island hopping as a tactic:
- Direct access – If you have a direct connection to your customer networks and leverage trust to facilitate access, it takes sophisticated hackers less than 20 minutes to get domain admin rights in your domain. This, in turn, can be used to identify and compromise an account that has admin rights in your customer’s network. From there, the cybercriminal has carte blanche access.
- Indirect access – Gaining access to the email of even a low-level employee in your organization would allow a cyber criminal to send messages containing malicious links or attachments to a customer, potentially giving the cyber criminal access to endpoints on the customer’s network.
- Ransomware – Using the last example, the malicious emails could contain ransomware.
- Fraud – If they can either create accounts and email on your network (pretending to be someone within accounts receivable), or compromise someone in that department, cyber criminals can send out phishing emails to customers asking them to modify the banking details on payments, rerouting funds to an account they control.
An MSP can serve as the launching point for attacks that cast a wide net over all of its customers. So, what should you do about it?
- Take Your Own Advice – You should implement the very same precautions you