One of the toughest, and often thankless, roles in all of IT is that of the managed security services provider (MSSP). Most MSSPs know cyberattacks tend to come in waves.

Cybercriminals like to mix up their attack vectors to avoid detection. Once they notice that one type of attack is starting to be detected and blocked, they quickly move on to the next vector.

That next vector usually doesn’t rely on some new innovative technique. Rather, cybercriminals prefer to employ a variant of methods that are just different enough from a tried and true vector to get past whatever cybersecurity defense might be in place.

A recent report illustrates scope of challenge

A recent report from Malwarebytes, a provider of endpoint security tools, finds that between the fourth quarter of 2018 and the first quarter of 2019 there was a 195 percent increase in detection of ransomware attacks aimed specifically at businesses.

That comes after a lull, during which cybercriminals apparently shifted their focus to cryptomining malware, which allowed them to surreptitiously take over part of a machine to create cryptocurrency. After the value of cryptocurrencies dropped, cybercriminals once again focused their effort on Trojans and ransomware to target businesses.

The report also found that there was a 200 percent increase in Trojan attacks from the previous quarter, and almost 650 percent from the same time last year. The most fearsome Trojan attack today comes in the form of a variant known as Emotet.

Originally designed to steal credentials from financial services firms, Emotet is a self-propagating Trojan that spreads like wildfire once it gains access to an enterprise network. Spread via malicious links and attachments, Emotet is now being broadly employed to steal credentials. It’s unknown how much data cybercriminals have been able to exfiltrate using stolen credentials, but the amount is increasing with each passing day.

Cybercriminals are now more clever than ever before

Many cybercriminals are not even bothering to launch the actual ransomware attack. Instead, they just send emails claiming they did. Then, they wait for the recipient of that email to authorize a payment to their bank. They can get away with this because most organizations don’t really have much of a means to detect whether their systems have been infected by ransomware or not.

It’s hard to say whether there is an absolute increase in these attacks or if organizations are simply getting better at detecting them. Regardless, cybercriminals try to keep a low profile.

The FBI Internet Crime Complaint Center (IC3) estimates the median loss of a business email compromise to be about $8,000, while the median loss for a computer data breach is $25,000. Those are not the types of amounts that will get much attention from law enforcement officials. However, when you multiply $8,000 by the number of businesses in the U.S., it becomes apparent how cybercrime has become a multibillion-dollar business.

Historically, cyberattacks have been largely indiscriminate. It’s now clear that they are becoming more targeted. Employing what are known as whale phishing attacks, cybercriminals are especially keen to compromise the credentials of executives who have the authority to transfer thousands of dollars without the permission of a board of directors.

MSPs becoming targets

Unfortunately, cybercriminals have also discovered that MSPs themselves can be a doorway through which they can gain access to thousands of potential systems that MSPs manage on behalf of their customers. Most organizations are still going to be far better off relying on an MSP than trying to go it alone.

Whether they target MSPs or business executives, cybercriminals have repeatedly shown how easily they can adapt. The minute one avenue of attack becomes blocked, they shift tactics. Cybersecurity remains largely a game of cat and mouse.

Put it together and it becomes obvious that successful MSSPs need to be able to adapt quickly as attack vectors shift. As a result, providing managed security services may not be for every MSP.

However, customers are also starting to make it clear they prefer MSPs that can not only manage IT, but also secure it. MSPs are becoming a first line of defense, whether they like it or not. Collectively, MSPs are now acting as scouts that help identify when cyberattacks start to shift from one vector to another.

Not everyone fully appreciates the critical role MSPs play in ensuring cybersecurity. It’s easy to point fingers at an MSP when something inevitably goes wrong. These days the only thing that stands between most organizations and total digital anarchy is a very thin line of highly underappreciated MSPs.


Posted by Mike Vizard

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike blogs about emerging cloud technology for Smarter MSP.
