For cybercriminals, MSPs can provide unfettered admin access to many customer networks, putting a larger number of organizations at risk. Learn what MSPs should be doing to protect themselves and their clients.

Webroot Guest Blogger

August 22, 2019


MSPs are trusted partners who have complete administrative control over their customers’ networks. Within the context of the relationship, this trust works. But what happens if a cyber attack on the MSP takes place, and elevated credentials are compromised? In concept, because of the potential for admin access to customer networks, MSPs can be seen by cybercriminals as the “Holy Grail.”

If you’re an MSP and your own cyber security posture isn’t up to par, you could be putting your own network, and the networks of all your customers, in danger of ransomware attacks, data breaches or fraud.

In Carbon Black’s 2019 Global Threat Report, two really critical stats came to light:

  • 60% of all attacks involve lateral movement – to laterally move from machine to machine, the bad guy needs one or more internal credentials. So, that means, eventually, the bad guys can look just like the good guys.

  • 50% of all attacks involve island hopping – which is the act of compromising company A to jump over and make a victim of company B. Island hopping involves either using compromised trusted credentials that provide access to company B’s network or using company A’s email to send malicious emails to company B in order to gain access or commit fraud.

Put these two notions together and you can easily see how an MSP environment, if not properly secured, can be leveraged to gain access to multiple customers’ networks and money.

Here are a few possible scenarios where criminals might use island hopping as a tactic:

  • Direct access – If you have a direct connection to your customer networks and leverage trust to facilitate access, it takes sophisticated hackers less than 20 minutes to get domain admin rights in your domain. This, in turn, can be used to identify and compromise an account that has admin rights in your customer’s network. From there, the cybercriminal has carte blanche access.

  • Indirect access – Gaining access to the email of even a low-level employee in your organization would allow a cyber criminal to send messages containing malicious links or attachments to a customer, potentially giving the cyber criminal access to endpoints on the customer’s network.

  • Ransomware – Using the last example, the malicious emails could contain ransomware.

  • Fraud – If they can either create accounts and email on your network (pretending to be someone within accounts receivable), or compromise someone in that department, cyber criminals can send out phishing emails to customers asking them to modify the banking details on payments, rerouting funds to an account they control.

MSPs can serve as the launching point for attacks that cast a wide net over all of your customers. So, what should you do about it?

  1. Take Your Own Advice – You should implement the very same precautions you recommend to prevent attacks using a layered security strategy at the perimeter (think DNS, email and web protection), endpoint (malware protection) and user (security awareness training) levels.

  2. Evaluate Risk – Do some due diligence work on where credentials for accessing your customer networks are stored, how access is achieved, and ways all of this can be compromised by an attacker targeting MSPs. It’s far more likely that you designed all such processes around productivity and not security, so you may need to look at where your risk may exist from an attack perspective and then re-architect.

  3. Protect Privilege – Take seriously the potential damage to your customers should your network be compromised. Put any kind of privileged access behind multi-factor authentication and privileged access management.

  4. Be Vigilant – Your business needs to operate within the mindset of a security culture where every user in the organization understands the need for constant security and their role in it. Security awareness training is a necessary part of the equation, but creating a security culture starts at the top and works its way down.
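Steps 2 and 3 above, sketched as an added example (not from the original article or any vendor tool): a small audit over a constructed inventory of privileged accounts that ranks control gaps by how many customer networks a single compromised credential would expose. The account names, customer names and inventory fields are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PrivAccount:
    name: str
    customers: tuple  # customer networks where the account holds admin rights
    mfa: bool         # multi-factor authentication enforced
    vaulted: bool     # credential stored in and checked out from a PAM vault
    shared: bool      # used by more than one technician

# Constructed sample inventory (hypothetical names, not from the article).
INVENTORY = [
    PrivAccount("svc-rmm", ("acme", "globex", "initech"), False, False, True),
    PrivAccount("tech-alice", ("acme",), True, True, False),
    PrivAccount("tech-bob", ("globex", "initech"), True, False, False),
    PrivAccount("backup-admin", ("initech",), False, True, False),
]

def findings(acct):
    """Return the list of control gaps for one privileged account."""
    gaps = []
    if not acct.mfa:
        gaps.append("no MFA")
    if not acct.vaulted:
        gaps.append("not in PAM vault")
    if acct.shared:
        gaps.append("shared credential")
    return gaps

def blast_radius(inventory):
    """Rank accounts with gaps by how many customer networks one compromise exposes."""
    rows = [(a.name, len(a.customers), findings(a)) for a in inventory]
    rows = [r for r in rows if r[2]]  # keep only accounts with at least one gap
    return sorted(rows, key=lambda r: (-r[1], -len(r[2]), r[0]))

def exposed_customers(inventory):
    """Customers reachable through at least one account lacking MFA."""
    return sorted({c for a in inventory if not a.mfa for c in a.customers})

if __name__ == "__main__":
    for name, reach, gaps in blast_radius(INVENTORY):
        print(f"{name:13} reaches {reach} customer(s): {', '.join(gaps)}")
    print("Reachable without MFA:", ", ".join(exposed_customers(INVENTORY)))
```

Feeding it a real export from your RMM, PSA or directory tooling puts the accounts to re-architect first at the top of the list.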

Cybercriminals know they can be more successful by using a targeted attack and then island hopping from the initial target to the next. MSPs are perfect for these kinds of attack campaigns. That’s why it’s critical to the success of both your and your customers’ respective businesses that you put protective measures in place organization-wide to reduce the risk of an attack.

What’s next?

I encourage you to start a free Webroot protection trial to see for yourself how our solutions can help you prevent threats and maximize growth:

Endpoint Protection | DNS Protection | Security Awareness Training.

This guest blog is part of a Channel Futures sponsorship.
