Cloud Hosting

Hackers have realized they dont have to go after Bank of America. Instead, they can make a million dollars from an MSP and spread out to its business customers in the process, according to cybersecurity company ThreatLocker co-founder and CEO Danny Jenkins.

Something changed in the last decade where these hackers realized [MSPs] dont have nearly the security that Bank of America or the Department of Defense does, Jenkins said. With a little bit of planning, I can figure out what security software they use, figure out what their staff is like, figure out who they do business with, and now, I can send them direct emails.

MSPs are in the crosshairs, and there are many ways hackers are gaining access. One popular way is for hackers to figure out what security tools an MSP is using. Attackers can use exiting tools against you--and they are--to get into your systems, Jenkins told an audience of MSPs and solution providers at CRN parent The Channel Companys NexGen+ 2021 conference Tuesday.

[Related: ThreatLocker Is Locking Out Ransomware, Providing Peace Of Mind For MSPs]

Once inside an MSPs organization, its easier for the hacker to live off the land--that is, go after the rest of the companys customers, he said.

Adopting a zero-trust framework of never trust, always verify, can help MSPs take control of their own environment, Jenkins said.

We ourselves are seeing a lot of various attempts to breach our security, said David Liu, founder and CEO of solution provider Deltapath, who was in attendance during Jenkins keynote.

The San Jose, Calif.-based company focuses on unified communications and securing VoIP for its customers. Deltapath is no stranger to being a target of hackers looking to breach a solution provider organization, Liu said.

In one case, a Deltapath customer was hacked and a legitimate-appearing email was sent to Deltapath that made it through the companys layers of security. The email looked really authentic, but was luring us to make a document download, which could start an attack. Luckily, the last layer of defense is human and we had enough training to notice something looked fishy, Liu said.

A zero-trust security approach has some limitations, but its a really important strategy, he said.

Removing unnecessary privileges and whitelisting-- which allows everyday applications to have access to things they dont need like PowerShell being able to talk to Microsoft Office--is how MSPs can establish a zero-trust security posture, ThreatLockers Jenkins said.

The only thing QuickBooks needs access to is the QuickBooks folder. SolarWinds didnt need to go out to anything on the internet except SolarWinds. They dont need [access], so take it away, he said. Just checking that box should take away a huge surface area of attack from your system.

Only if access is blocked by default, storage is locked down at the application level and privileges are removed will MSPs be able to get themselves ahead of unavoidable threats, Jenkins said.

We want to be more secure than our neighbors because no ones robbing the house with a big dog, cameras and a gun sign, he said. Its easier to go next door.

See the original post here:
MSPs, Not Bank Of America, Are The New Ransomware Target, Says ThreatLocker - CRN