Every person in IT—really every person in business today—is hyper-aware of their risk of getting breached. It’s real, especially for small-to-medium-sized businesses that lack the advanced security tools and expertise needed to remain afloat. Hackers are relentless and lurking everywhere, and MSPs are ultimately responsible for their entry, and the resulting damage, to their clients’ networks.
In order to detect suspicious activity faster and minimize as much harm as possible, it’s crucial that you understand the methods employed by cyber criminals. MSPs offering cyber security services will benefit from the following breakdown, which details the most common cyber attack tactics, key warning signs and tips to remain protected.
Two Sides of the Coin: Paths to Destruction
Cyber criminals operating with a “smash-and-grab” mentality profit more from obtaining a high volume of system resources for a short period of time. These hackers compromise the victim to do something specific so they can monetize quickly. For example, malware has a specific outcome—like encrypted files or a bot sending out spam—and the payload is specific. It’s basically a “make money and get out” system. This type of attack is typically same-day—sometimes up to a week. These quick hits, like spam email or spambots, are not forensically in-depth. They can be caught fast and erased fast.
Ransomware falls under this category. Why did 4,000 ransomware attacks occur every day in 2016? It’s quick and cheap, with a low bitcoin payback. All cyber criminals really do here is create polymorphic variants: a twist on the signature that antivirus software is programmed to detect. When a system is hit with something a signature has not been created for, it will bypass their security.
2. Persistent Threat Category
If this approach were to be described in one word, it’d be “stealthy.” This method is typically carried out by cryptocurrency miners that find a foothold and break through over time—sometimes months. Cyber criminals often lurk undetected inside companies’ IT systems for 200 days or more before discovery. During this time, they gain access inside the network, escalate privileges, search for high value information, and ultimately exfiltrate data or perform other malicious activities.
The majority of AV solutions are barely able to counteract or even detect the virus, and its victims can only wait for the necessary signatures to be generated. These persistent threat attackers make money out of something the victim doesn’t notice—and they’re often just used as a launch point to get to more valuable data on someone else’s computer within the network. This was the case with Wannacry—ransomware that became persistent. These cyber criminals really do lurk—but with a bigger end game comes a bigger cost. They only gain a small fraction of the compensation, but still, they gain.
Spotting the Fingerprints
One in three (32 percent) security professionals lack effective intelligence to detect and respond to cyber threats, according to a recent survey from Anomali. Clearly there is a need for more proactive security measures that could help organizations effectively prepare for cyber attacks. As an MSP committed to protecting your clients’ businesses, you should not overlook the following areas:
- Have up-to-date AV and backup installed.
- Review user access and privileges.
- Stay current on patching.
- Take a holistic approach to identifying gaps in your environment.
- Have a defined security program and tools that adhere to what you define across your environment.
- Create an incident response plan.
Covering these bases will put you and your clients in the best position possible to avoid getting duped by the variety of hackers across the threat landscape. At the end of the day, you’re responsible for keeping your clients secure, so remaining educated on the latest cyber tactics and how risk continues to evolve will cement you as a true security partner.
Handpicked for you:
By Lily Teplow
By Brian Downey
By Dave LeClair