https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


Getty Images

reading ransomware digital computer screen magnifying glass 3D Illustration

MSPs Warned of Major Ransomware Threat to RMM Platforms

  • Written by Edward Gately
  • February 19, 2020
Integrated solutions are the common type of platforms used by MSPs.

Asigra on Wednesday issued a warning to its global network of MSPs about a ransomware threat to remote monitoring and management (RMM) platforms that puts solution provider and end-customer applications and data at high risk.

When MSPs are utilizing their RMM platform with tightly integrated backup solutions, there is a single access point to dozens, hundreds or even thousands of organizations. Since the RMM platform is based on agents that are pushed out, the ransomware can potentially push out its malicious code to each of the MSP clients while neutering the backups. This makes MSPs a very lucrative target, according to Asigra.

Eran Farajun, Asigra‘s executive vice president, tells us this attack method is different from others targeting MSPs because it uses the MSP’s platforms with its multiple tools that are all pre-integrated to gain entry, and then uses the MSP as proxy to access many clients.

Asigra's Eran Farajun

Asigra’s Eran Farajun

“It is different than attacking each application independently,” he said. “It is much more efficient. The tradeoff of ‘pre-integrated’ to save time and less vendor management has a cost of a higher risk.”

The hacker may send an urgent email or text that appears to come from someone’s direct manager or company executive. The email or text likely contains a link that downloads the ransomware or malware, or an attachment that’s infected with it. The email may emulate an alert email from the same RMM program or another that occurs all the time. Once the RMM platform is compromised, so is the integrated backup, and now the entire MSP client base is under dire threat, according to Asigra.

“Integrated solutions are the common type of platforms used by MSPs,” Farajun said. “Think Connectwise/Momentum, Autotask/Datto, Solarwinds, TigerPaw, Kaseya and Atera. They are very widely used; hence, the popularity of the attack vector and the risk to MSPs and their downstream customers, [and] perhaps the downside of working with another vendor. But MSP surveys show they prefer best-of-breed solutions for their customers.”

Protecting the MSP’s RMM platform against data is a simple, three-step process, according to Asigra.

  • First, train all employees to be aware of targeted phishing attacks, as this is the No. 1 channel by which ransomware enters the network.
  • Next, separate the data protection infrastructure/solutions from the RMM platform and avoid integrated solutions, which will make it more difficult to compromise.
  • And finally, use a backup solution that prevents ransomware or any malware from ever deleting the backup. Also make sure the backup software prevents a ransomware or malware infection by scanning both the backup and recovery streams.

“The density of high-value data in many RMM environments is too alluring for criminal hackers to avoid, making it incumbent upon the MSP to architect a bulletproof data recovery model,” Farajun said. “For the strongest protection, services professionals are advised to disentangle RMM and backup to ensure system recoverability.”

In addition, new research by BlackBerry Cylance finds cybercriminals increasingly focused on MSSPs as high-value targets in 2019.

In mid-2019, a new ransomware called Sodinokobi appeared in the wild, targeting businesses and causing mass disruption in some U.S. government agencies. Its deployment methods are noteworthy as the compromise occurred via targeted phishing attacks aimed at MSPs and MSSPs managing security within the target organization.

BlackBerry Cylance's Eric Milam

BlackBerry Cylance’s Eric Milam

Eric Milam, vice president of research operations at BlackBerry Cylance, tells us it’s much more efficient for a threat actor to attack the MSSP than individual customer targets since once the MSSP is breached, the hacker has access to the whole infrastructure including the MSSP’s customers proprietary data.

“The question is not what they are not doing; they can’t protect against zero-day vulnerabilities or disgruntled employees, but they can do better by employees’ awareness and training around phishing, email links and attachments, regular credentials audit, OS and application patching, better logging and monitoring,” he said. “This is a clear indication that threat actors are becoming more sophisticated since the expertise the MSSPs are providing to customers is computer security, so in theory it should be very hard to hack them.”

Tags: MSPs RMM/PSA Security Technologies

Most Recent


  • Cloud MSP 2nd Watch Is No More: Consultancy Rollup Leads to Ollion
    Four cloud-native companies have joined forces to challenge the professional services market.
  • Ingram Micro partners adapt to world of AI/ML
    7 Trends Impacting Ingram Micro Partners: Marriage of AI, Data Looms Large
    Are the distributors and cloud hyperscaler going to be friends in the long term?
  • Forcepoint Completes Sale of Public Sector Unit, to Focus on SASE Platform
    Forcepoint will double down on the vision for its data-first SASE platform.
  • Nutanix partner program changes
    Nutanix Partner Program Sees More Changes, Vendor Touts ‘Channel-Led’
    We quizzed channel head Dave Gwyn about the additions, and the language around Elevate.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Conflict Boxing Gloves
    Channel Conflict, Controversy: SolarWinds Hack, Racism, Layoffs, Zoom-RingCentral
  • Paying ransomware
    Sophos: Avaddon Ransomware Becoming More Prominent, Aggressive
  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration
  • Data management platform
    IBM Acquires Catalogic Software's Copy Data Management Business

Upcoming Events

View all

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Channel Futures Leadership Summit 2024

September 17, 2024 - September 19, 2024

Galleries

View all

7 Trends Impacting Ingram Micro Partners: Marriage of AI, Data Looms Large

October 2, 2023

Nutanix Partner Program Sees More Changes, Vendor Touts ‘Channel-Led’

October 2, 2023

Mind the Trust Gap: Content Marketing Falls Flat with Majority of Decision-Makers

October 2, 2023

Industry Perspectives

View all

Partners Balance Multicloud Opportunity, Complexity

September 25, 2023

Why Conversational AI Matters for Your Customers and How It Can Boost Your Revenue

September 15, 2023

The 5 Ds that Lead to Unplanned Business Sales

September 13, 2023

Webinars

View all

MSP 501: Leadership in Cybersecurity

October 19, 2023

DE&I: Find the Balance that Works for You

September 7, 2023

Above and Beyond with the NextGen 101ers

August 30, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 129: ZLH Enterprises

Coffee with Craig and James Episode 128: Channel Partner Strategies Intelligence Service

August 25, 2023

Coffee with Craig and James Episode 127: Expereo, Movie Night Returns

August 18, 2023

Coffee with Craig and James Episode 126: ARG

July 28, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X