You’re Being Hacked Now
During his keynote, Adam Bennett, founder and CEO of Crosshair Cyber, gave a glimpse into the mind of a hacker and how they target channel partners.
He said malicious hackers are driving rapid growth in cybersecurity.
“Who here has played with ChatGPT?” Bennett said. “Who has used it for work purposes? There’s all kinds of things going onto this. As if we need more fuel to the fire, every day you see something new. It lowers the bar for malicious threat actors.”
Reflecting on the Kaseya cyberattack, Bennett said it reiterates how the MSP market is really in the crosshairs because “when you can get into one, you can get into many.”
For hackers, initial access can be the toughest part of launching an attack, Bennett said. It can come via phishing or by getting someone to download something they shouldn’t, such as getting someone in HR to download a resume.
“After initial access is discovery and lateral movement,” he said. “When you’re moving around, have to be very, very careful.”
Next is full compromise and “now I want everything,” Bennett said.
While penetration testing an MSP customer, Bennett found a file share from an old domain and was able to pull old credentials from it that still worked.
“It can be something very simple, like you forgot to encrypt … or get rid of it,” he said. “Sometimes it’s simple housekeeping. This was an MSP, but it could have affected all customers.”
So how should MSPs respond? First, put barriers in the way of hackers, Bennett said. Also, layered defenses and secure architecture are important, as well as conducting a risk assessment and business impact analysis.
In addition, regularly test data recovery, enable proactive response actions, conduct incident response exercises at least annually, and monitor networks 24/7 or hire someone qualified to do the monitoring, he said.
All backups should be encrypted, Bennett said.
“Awareness, email protections, cyber insurance, endpoint and network controls, threat intel, including proactive blocking, vulnerability and patch management, including process and prioritization, are key, and continuous security assessment, seek adversarial viewpoints,” he said.