8 Security Trends MSSPs Need to Know
Recent research paints a dark picture in terms of the threats cybersecurity providers will be battling in 2019.
Cryptocurrency mining remains extremely popular for criminals to monetize access to infected computers.
In 2017, at least one in three organizations experienced cryptocurrency mining activity on their network. These infections represent unauthorized access to the network and can affect critical business functions. In addition, cryptomining has been used as a ruse while other criminal activity was being performed. (Secureworks)
Numerous threats are available for purchase on underground forums.
There has been no significant decrease in the volume of ransomware, banking malware, point-of-sale (POS) memory scrapers or other threats available for purchase on underground forums. Secureworks’ counterthreat unit researchers tracked the emergence of 257 new ransomware families from July 2017 through June 2018, including GandCrab, which was the most prevalent ransomware threat in the first half of 2018 and continues to harm unprepared businesses. (Secureworks)
Unscrupulous hosting providers are offering cybercriminals access to anonymized servers and internet access. Malicious forums advertise the ability to control anonymous hosted computers, known as virtual private servers (VPS), and other dedicated hosting services for between $10 and $300. Criminals use these services for a wide range of scams, counterfeit goods and other criminality. However, these openly advertised hosting services typically aren’t the ones used to host command and control servers for malware that hits corporate IT networks. (Secureworks)
In 2019, evidence likely will emerge of tampering in a past presidential election, confirming the impact that foreign nationals have had on the U.S.’s democratic process, according to Arctic Wolf.
“As such, we can expect to see the federal government, as well as state and local governments, in the ‘hot seat,’ as citizens look to officials to take action and ensure the 2020 elections are secure,” said Brian NeSmith, CEO and co-founder. “In the private sector, we are starting to see the C-suite held responsible for their organization being attacked. Will the same stand true for government entities that aren’t taking proper steps to fix the security vulnerabilities within the voting process? These are questions we will see answered leading up to the 2020 elections.” (Arctic Wolf)
This year saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars. These attacks are different than “spray and pray”-style attacks that are automatically distributed through millions of emails. Targeted ransomware is more damaging than if delivered from a bot as human attackers can find and stake out victims, think laterally, troubleshoot to overcome roadblocks and wipe out backups so the ransom must be paid. This interactive attack style, where adversaries manually maneuver through a network step by step, is now increasing in popularity.
Businesses need protection against manually-controlled attacks in addition to those by bots, Scott Barlow said.
“This will require a shift to ensure customers have layered security and [a] system in place that share intelligence and automatically responds to threats,” he said. “MSSPs do not want active adversaries lurking on their customers’ systems.” (Sophos)
With illegal Android apps on the increase, 2018 has seen an increased focus on malware being pushed to phones, tablets and other IoT devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks. In 2018, VPNFilter demonstrated the destructive power of weaponized malware that affects embedded systems and networked devices that have no obvious user interface. Elsewhere, Mirai, Aidra, Wifatch and Gafgyt delivered a range of automated attacks that hijacked networked devices to use as nodes in botnets to engage in distributed denial-of-service (DDoS) attacks, mine cryptocurrency and infiltrate networks.
“Attackers are finding novel ways to evade detection by Google and get malicious apps published on the Play market,” Scott Barlow said. “Routers and IoT devices are ripe for takeover because users infrequently change default passwords. If this seems like a perennial problem, it is. Cryptojacking is also a growing trend in mobile and on embedded devices, though the return on investment for each individual device is extremely low.” (Sophos)
Remember the fictional concept of a “fire sale” attack from the fourth Die Hard movie, in which a terrorist group planned a coordinated cyberattack against U.S. transportation, financial, and public utilities and communication systems? The terrorists meant to use the fear and confusion caused by the attack to siphon off huge sums of money and disappear without a trace. A version of this fictional attack will become a reality next year. (WatchGuard)
Small organizations will finally take an enterprise approach to cybersecurity.
Small businesses are finally realizing that they need to be as prepared as large organizations when it comes to cybersecurity, making it no longer an IT problem but a larger business challenge within every organization, according to Arctic Wolf.
“Additionally, we will see small businesses’ approach to cybersecurity impacting larger organizations through the supply chain vector,” Brian NeSmith said. “Hackers will take advantage of smaller organizations, which often fuel larger business’ supply chains, because they typically have security vulnerabilities that can be more readily exploited than larger ‘targeted’ companies. With this in mind, in 2019 we will see the C-suite become more involved in cybersecurity, not only when it comes to making decisions about tools to leverage, but also taking the brunt of repercussions.” (Arctic Wolf)
Already under pressure to increase their capabilities, MSSPs are going to have their hands full next year as cybercriminals unleash even more attacks, including bold attempts to take down critical internet infrastructure.
Recent research paints a dark picture in terms of the threats cybersecurity providers will be battling in the coming year. These include more targeted ransomware attacks, increasing cryptocurrency mining and unstoppable nation-state attacks.
Based on research from Secureworks, Sophos, WatchGuard Technologies and Arctic Wolf Networks, we’ve compiled a list of 12 cybersecurity trends that will challenge MSSPs and other security providers even more in 2019.
Scott Barlow, Sophos’ vice president of global MSP, tells us that MSSPs must become security experts for their customers.
“They must be prepared to protect customers against all types of attacks, whether a commodity ransomware attack bought as a kit on the dark web or a uniquely designed, higher-level deliberate attack,” he said. “MSSPs should also consider security innovation and partner with vendors that are innovating with deep learning technologies, synchronized security, endpoint detection and response (EDR) capabilities to minimize time spent investigating and remediating attacks, and educating and training their partners.”
EDR can monitor process behaviors to help detect and respond to emerging threats like vaporworms, a new breed of fileless malware, according to WatchGuard.
“Authentication is the cornerstone of all security, and yet it presents the weakest link in most organizations’ defenses,” said Corey Nachreiner, WatchGuard’s chief technology officer. “All the best security controls in the world don’t mean a thing if attackers gain access to a privileged credential, and countless data breaches have proven that passwords alone are not sufficient. To solve this issue, the industry has moved towards biometrics, but unfortunately, most still treat them as a single-factor of authentication. This is a mistake, as all single factors eventually get broken.”
Multifactor authentication (MFA) is the only way to secure credentials in the future, he said. Though MFA is mature in the enterprise, most midmarket companies have not deployed it throughout their organizations since traditional MFA solutions can be costly and complex to implement, he said.
“This represents a huge greenfield opportunity for the IT channel,” Nachreiner said. “We recommend channel partners consider more SMB-friendly MFA solutions … to solve the authentication security problem.”
Also, when it comes to Wi-Fi, most customers trust the Wi-Fi “lock” icon more than they should, he said.
“That lock icon tells you that your Wi-Fi traffic is encrypted using WEP (bad), WPA2, or soon WPA3, which does secure it from passive sniffing,” Nachreiner said. “Unfortunately, this does not mean your layer 2 Wi-Fi traffic is protected from very basic attacks leveraging techniques involving rogue clients or Evil Twin APs. In 2019, solution providers should focus on more aggressively protecting their WiFi customers with wireless intrusion prevention system (WIPS) solutions that can actively block these attacks.”
Scroll through our gallery for what’s ahead in cybersecurity.