Post-REvil Takedown, MSSPs Need to Get Ready for Resurgence
We look at the context around soaring ransomware attacks and other breaches, and discuss platforms MSSPs could use.
![Revil ransomware](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt8db03b84ad76b2c0/6524404d24235e634e2d1d0b/18-Revil-Ransomware.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Organizations around the world are having a hard time keeping up against ransomware attacks. Recent findings from Veritas Technologies, which provides backup and recovery platforms, show that the average organization got hit with 2.57 ransomware attacks that led to downtime in the past 12 months. (And remember, the Conti gang loves to go after organizations’ backups.) Ten percent suffered more than five attacks, according to a survey of more than 2,000 IT leaders around the world.
The problem stems from digital transformation during COVID-19, Veritas Technologies said. That’s because organizations are having trouble keeping pace with accelerated digitization. And they’re not securing piece by piece along the way.
Cloud presents the greatest ransomware vulnerability, according to Veritas Technologies’ survey findings verified by Vanson Bourne. Only 61% of respondents said their security measures have kept up with their digital transformation. The two most commonly reported gaps? Cloud technology (56%) and security (51%). But there may be a bigger problem ahead — one that MSSPs can solve.
Addressing cloud technology and security gaps is no cheap or easy feat. Veritas Technologies found that organizations would have to spend, on average, $2.47 million within the next 12 months to shore up their environments. On top of that, they would need to hire 27 full-time IT employees. Few organizations have the resources for either initiative just lying around, as Peter Grimmond, international CTO at Veritas Technologies, pointed out.
“It’s unlikely that enterprises around the world are each going to be able to hire dozens of additional IT staff in order to rise up to this challenge, so companies are going to need to be smart if they want to shore up their protection infrastructures against the continued threat of ransomware,” Grimmond said.
From Channel Futures’ perspective, MSSPs, especially those well versed in cloud, are ideally positioned to step in and act as end users’ IT departments.
Looking at a different aspect of cloud cybersecurity, MSSPs may want to be aware of a recently introduced service from AttackIQ. The company provides breach and attack simulation systems. It now also offers a managed security validation service called AttackIQ Vanguard. The platform helps users — MSSPs included — select adversary tactics, techniques and procedures to proactively hunt for problems before a cyberattack launches. AttackIQ delivers reports on the results each week. Users can share the information with various teams to beef up performance and safeguards.
“Adversaries don’t discriminate against organizations with high and low cyber operational capability maturity models,” said Carl Wright, chief commercial officer at AttackIQ. “We launched AttackIQ Vanguard to democratize advanced cybersecurity control validation and close the gap left by ad hoc testing approaches, so customers have greater situational visibility into the effectiveness of their security programs.”
Ransomware doesn’t just infiltrate corporate systems. It can reach employees’ personal devices, too, thanks in large part to single-sign-on capabilities and cloud applications.
Code42 thinks it has a solution. The company, which aims to reduce insider risk, has unveiled a tool that automatically detects data exposure movement from trusted environments to unmonitored devices — smartphones, laptops, tablets, etc. When a file moves to such a device, Code42’s Incydr platform alerts security teams to the information being exposed and from where.
“Trust is critical when it comes to managing risk,” said Joe Payne, Code42’s president and CEO. “When insiders move company data to untrusted locations like their mobile device or their Google Drive account, they create risk for their organization.”
It’s not like the danger of insiders sharing data is new.
“The risks associated with authorized users simply doing their jobs has been around for as long as we have needed to share valuable information with colleagues, clients and collaborators,” said Derek Brink, vice president and research fellow, Aberdeen Strategy & Research. “The difference now is that both the scale and scope of this kind of enterprise data movement makes the risk too big to simply ignore.”
Code42 says Incydr’s ability to detect file downloads to unmonitored devices requires licenses and will be available next month.
Remote work opens yet another door to cyber criminals — and boy howdy, have they taken advantage during COVID-19. Security firm Kaspersky reports a 767% increase in ransomware from 2019 to 2020, while the Check Point 2021 Cyber Attack Trends midyear report shows another 93% increase in the first six months of 2021. Finally, research from Palo Alto Networks indicates that Remote Desktop Protocol (RDP) has represented the primary attack vector in 50% of all ransomware attacks since 2018.
Digital workspace vendor Cameyo aims to do its part to protect organizations from hackers targeting RDP connections and VPNs — two legacy technologies that notoriously suffer from security problems. Trouble is, remote employees often have to rely on these pathways to the corporate network.
“It’s no longer enough just to enable remote access — organizations must now enable secure remote productivity,” said Mark Bowker, senior analyst at Enterprise Strategy Group. “But many legacy systems require organizations to open ports in their firewall or VPN, increasing the attack surface.”
As an alternative to RDP and VPN, Cameyo offers Secure Cloud Tunneling. Built on the company’s zero-trust security architecture, Secure Cloud Tunneling eliminates the need to open firewall ports. Cameyo says apps then are delivered securely outside the corporate network without going through firewall ports or using VPNs.
All Cameyo customers may take advantage of Secure Cloud Tunneling at no extra cost. The capability comes as part of the platform.
Cameyo sells through managed service providers.
So this last one’s scary. But it probably has to be highlighted.
Earlier this summer, research firm Gartner said that, by 2025, cyber attackers will have weaponized operational technology (OT) environments to hurt or kill people. The hardware and software that monitor or control equipment, assets and processes are vulnerable, analysts said. Bad scenarios could look like attackers shutting down a plant or somehow compromising an industrial environment to create physical harm.
Notably, OT does differ from IT. However, the two intersect and even intertwine. Thus, MSSPs would do well to know more about this potential problem so they can provide advice and guidance.
Gartner predicts that the financial impact of fatal cyber-physical systems attacks will reach more than $50 billion by 2023.
Even without taking the value of human life into account, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant, the firm said. Gartner also predicts that most CEOs will be personally liable for such incidents.
MSSPs could act as the frontline heroes here. Channel Futures recommends exploring the idea of MSSPs teaming with operational security experts. Together, these experts can combine and deliver physical and cyber security protections as criminals take their aspirations to the next level.
The U.S. government took down the REvil group last week. Ransomware gangs are not happy about that development (as if there’s much sympathy for them). Now members of REvil (the criminals who have attacked Kaseya, among other high-profile targets) and the Conti group are busy publishing anti-U.S. screeds, according to NBC News. But rather than give those guys more airtime, Channel Futures is looking ahead. Hackers are like the Hydra monster of Greek mythology: Cut off one head and two more grow back. In other words, REvil’s cyber criminals may be down for now, but they’ll get back on their digital feet.
Brett Callow, an analyst at the cybersecurity firm Emsisoft, told NBC as much.
“I suspect it’s all empty posturing: bravado intended to reassure any of their affiliates or other partners-in-crime who may be getting cold feet,” Callow said.
Knowing that, and given that other organized cyber criminals remain effective, managed security service providers have to be prepared. Keep working to protect customers’ environments from ransomware and other cybersecurity breaches. One important way to do that is to continue learning about new platforms and trends. After all, it’s not possible to jump ahead of the hackers. Security experts agree — there is no outpacing cyber criminals, there’s only making life really, really hard for them (which, frankly, sounds like a blast).
In line with that frame of mind, we’ve created a new slideshow. This one doesn’t just highlight products. Instead, we look at the context around ever-rising ransomware attacks and other breaches, including those related to cloud, and we discuss platforms MSSPs could use to combat those problems. At the end, we also highlight a troublesome trend that, while incredibly unsavory and unpleasant, we believe requires MSSP awareness and aptitude.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Kelly Teal or connect with her on LinkedIn.