4 Phishing Methods Hackers Use to Launch Ransomware Attacks

MSPs were the victims of countless ransomware attacks in 2019. In June, hackers infiltrated a number of MSPs through their Webroot management consoles. What followed was a generalized attack on MSPs and their client systems, with ransomware blocking business deals, damaging reputations and even extracting some large ransom payments. In August, 22 communities in Texas suffered a ransomware attack that disabled city systems. A senior mayor blamed the MSP for this.




Security analysts agree that most of these ransomware attacks were the result of compromised account information - usernames and passwords. Phishing is one of the main methods hackers use to hijack user accounts. Here are the top three ways hackers can gain access.


1. Inline phishing links

Phishing emails are characterized by links, but the links are used in different ways and with a variety of obfuscation techniques. In the classic phishing attack, the link leads to a website that impersonates a brand, such as a retailer, a cloud service provider such as Microsoft and PayPal, or a bank. Phishing emails that direct users to these websites usually claim that the account has been blocked, that the payment information is out of date or missing, or that the user needs to log in to retrieve a message or an important document.


A popular version of this scam is the Microsoft OneDrive phishing attack. The user receives a fake email that appears to come from Microsoft or a colleague. The email asks the user to click a link to open a OneDrive file, but to do this they have to log into Office 365. If they do, their credentials are stolen.


2. Links in attachments

To avoid detection by email security filters, hackers prefer to place phishing links in attachments rather than in the email body. A common phishing scam that uses bogus attachments is the attached-invoice scam. The phishing email asks the victim to open an attachment to retrieve an invoice. The invoice itself contains a link that leads to a phishing page, where the user hands over their account details without being aware of it.
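The following check is an added example, not part of the original article: it walks every MIME part of a message and reports links that appear only in text-based attachments, which a body-only scan would miss. The sample message, its addresses and its domains are constructed for illustration, and binary attachments such as PDF or Word files would need a format-specific parser that is not shown here.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.I)

# Constructed sample (not real mail): clean body, link hidden in an HTML "invoice".
SAMPLE_EML = """\
From: billing@supplier.example
To: user@victim.example
Subject: Invoice 1042
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please find your invoice attached.

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="invoice.html"

<html><body><a href="https://login.phish.example/o365">View invoice</a></body></html>

--b1--
"""

def urls_by_location(raw_eml):
    """Return {'body': [url, ...], 'attachments': [(filename, url), ...]}."""
    msg = message_from_string(raw_eml, policy=policy.default)
    found = {"body": [], "attachments": []}
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue  # containers and binary parts are skipped in this example
        urls = URL_RE.findall(part.get_content())
        if part.is_attachment():
            found["attachments"] += [(part.get_filename(), u) for u in urls]
        else:
            found["body"] += urls
    return found

def attachment_only_links(raw_eml):
    """Links that never appear in the body, so a body-only filter cannot see them."""
    found = urls_by_location(raw_eml)
    body = set(found["body"])
    return [(name, u) for name, u in found["attachments"] if u not in body]

if __name__ == "__main__":
    print(attachment_only_links(SAMPLE_EML))
```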


3. Fake attachments

In this scam, the email attachment, usually presented as a Word or PDF file, is not actually an attachment but a phishing link. If the victim clicks the attachment to open it, they are taken to a phishing page. In other cases, the ransomware download starts automatically via a macro, or the victim enables the macros in the document and thereby triggers the ransomware download.


4. Multi-phase attacks

A multi-phase or lateral phishing attack starts with phishing and then evolves into spear phishing. In this attack, a hacker sends a fake Microsoft email asking the user to sign in to Office 365. After the user's credentials have been intercepted on the phishing site, the hacker has access to the company's Office 365 environment. Now he can send internal spear-phishing emails within the organization.


For an MSP, a multi-phase attack can reach beyond its own organization and affect its customers' business. A hacker with a legitimate Office 365 email address can pose as an MSP employee and send emails to the MSP's customers. These could be phishing emails asking the customer to log into one of their own systems, or spear-phishing emails with attachments containing ransomware.




Protecting Your Business and Your MSP Customers

Large companies have security budgets and skills that exceed those of most SMBs. The hackers know that, and they take advantage of it by targeting the MSPs. If you use Office 365, you need an additional level of protection via Exchange Online Protection (EOP). Secure Email Gateways (SEGs), which were once the standard for email security, sit outside of Office 365. This architectural limitation makes EOP's signature-based protection useless, and that protection is the primary way to detect known ransomware. We have a native, API-based solution that resides within Office 365 and complements EOP rather than restricting it. A fully integrated solution simplifies configuration, does more than signature-based detection, and protects against spear-phishing attacks by insiders.
