Cybersecurity and cybercriminals do not recognize international boundaries, so even the smallest MSPs must always keep a global perspective. What is currently happening in France or Japan may soon be coming to one of your clients in Florida or Kansas.
“Cyberattacks often originate outside the country they are impacting because the criminals are much more difficult to apprehend,” explains Chad Carson, an IT expert in Toronto who works with clients around the globe. Sometimes, smaller countries with cybersecurity perceived to be laxer are used as a “testing ground” before attacks reach the U.S.
“So, something happening in a smaller country may signal that the activity could soon reach the U.S. or Canada,” Carson says.
Disruption from cyberattacks can quickly spill across borders
For instance, a recent cyberattack brought the United Kingdom’s mail delivery to a halt. The U.K.’s postal problems began January 10th and spiraled from there. The attack was traced to a Russian gang.
A cybersecurity expert told the Washington Post that: “An attack like that has huge ramifications for every U.S. citizen, basically, because in some way, shape, or form, they’re touched by the U.S. Postal Service.”
Carson points to fear that since cybercriminals successfully disrupted the smaller Royal Mail system, what will stop them from setting their sites in the U.S. or Canada next?
Carson also advises that a strain of malware impacting Australian healthcare facilities this month should be monitored in the U.S. for similar “exporting” techniques used by cybercriminals. Hacker News reports that the keywords “hospital,” “health,” “medical,” and “enterprise agreement” have been paired with various city names in Australia, marking the “Gootkit” malware’s expansion beyond accounting and law firms.
“While Australia has robust defenses in general, they are still a far less populous market than the U.S. and a good place for hackers to test their techniques,” warns Carson.
Government cybersecurity centers are a great resource for MSPs
Carson also shared that security personnel must look beyond their servers and monitor for trouble. The best way to do that, he advises, is to monitor government cybersecurity centers across the world.
“Everyone is familiar with CISA in the U.S., and here in Canada, we have a cybersecurity centre, for example, and a glance at those each week is a great preventative measure,” Carson advised, adding that some allow you to sign up for automatic updates and alerts, which makes you first to hear any breaking security news.
Some countries, however, are woefully behind on centralized governmental cybersecurity hubs. MSPs should sign up for keyword alerts form another country like Japan and Brazil so that you can receive alerts of cyber-happenings in a diverse group of countries.
Here are some examples of government sites MSPs should monitor:
Canadian Cybersecurity Centre:
Founded in 2018, the centre is a relative newcomer run by the Canadian government. The website publishes cybersecurity information for SMBs, large enterprises, academia, and others. They’ll also release alerts like the recent one for a Cisco SQL injection vulnerability.
“For businesses of all sizes in Canada, the alerts are indispensable,” Carson points out. “But businesses in the U.S. should monitor Canadian cybersecurity as closely as they do their own.”
South Africa:
Founded in 2015, the Cybersecurity Hub is the South African government’s one-stop-shop for cybersecurity incidents and alerts. “South Africa is another favorite place for hackers to try out new techniques before exporting them to the United States and Canada,” Carson advises.
Australia:
This is another country with a robust government cybersecurity center. “Monitoring what is happening on the other side of the world helps get a `big picture’ view and seeing threats that may be evolving or heading this way,” Carson recommends.
The ACSC publishes alerts and bulletins about cyberthreats, for instance, a recent warning of a critical vulnerability affecting many versions of Citrix Gateway and ADC. All Australian operators should check for indicators of compromise and install the latest updated versions.
Spain:
The Spanish government has a cybersecurity center which publishes alerts and news of latest malware incidents in the country. “The site has an English language version and while it may seem intimidating or unnecessary, the effort to monitor the globe is a worthwhile one,” Carson says.
He adds, “If you can be aware of a problem before it gets here, you’ll stay one step ahead of the hackers.”
Photo: Blue Planet Studio / Shutterstock