The cyber security landscape is changing all of the time and is creating new and unexpected challenges for IT Professionals and Managed Service Providers (MSPs). Cybercriminals are becoming more sophisticated in their approach and cyber risks can change daily, causing serious disruptions to a business.
Nowadays, cyber security is a priority for every company whether a small business or multi-national organization. Of course, MSPs need to remain vigilant to these threats, as they are responsible for IT infrastructure management and cyber security solutions.
With that in mind, we’re going to take a look at how cyber security threats work. In addition, we’ll take a look at some of the biggest cyber security events that we’ve observed in recent months.
What is cyber security?
Cyber security refers to the way in which organizations and businesses reduce the risk of a cyber attack. Various controls, processes, technologies, and human efforts are applied to manage data, devices, programs, networks, and systems to protect against unauthorized exploitation. A cyber security threat could be any potential malicious or negligent activity that may result in theft, corruption, or unavailability of IT assets such as data, programs, or network resources.
How do cyber security threats work?
Cyber security threats use a combination of techniques to gain unauthorized access to vulnerable information. In most cases, cyberattacks are designed to exploit weaknesses in a system to steal data, change or delete information, or extort money from users. Cyber security threats can come from a number of actors, including disgruntled employees, lone hackers, criminal organizations, hostile nation-states, terrorist groups, hacktivists, corporate spies, and unintentional insider mistakes.
In recent times, we have seen some high-profile cyber breaches that have caused sensitive data to be exposed. These breaches hit both the public and private sector and compromised many businesses and their clients.
Here is a list of some of the important cyber security incidents and threats that have made headlines recently:
1) SolarWinds Orion security breach
We’ll start with the biggest cyber security attack of 2020: the breach of the US information technology company SolarWinds. The attackers were able to spy on organizations ranging from the upper echelons of the US Government to FireEye, an elite cybersecurity business. How did the SolarWinds hack happen? The breach was unusual: the attackers inserted malicious code into SolarWinds’ Orion software using a method known as a supply chain attack. When SolarWinds sent out a regular update of its software, 18,000 customers installed it, and that update carried the malicious code. As a result, more than 30,000 public and private organizations were affected, because the hack exposed every Orion user, partners and customers included.
The media described the SolarWinds attack as unprecedented because it was hard to detect and it caused significant physical consequences. Above all, this security threat impacted significant infrastructure providers that are crucial to public services. There was no easy solution or quick fix either.
What’s important to mention here is that security experts have been warning for many years that software supply-chain attacks are among the hardest types of cyber security threat to prevent. As mentioned above, they are very hard to detect before they damage hundreds or thousands of organizations. Such threats are so hard to avoid because they take advantage of the trust relationships between vendors and their customers.
2) Microsoft Exchange Server data breach
The global wave of cyber threats and data breaches this year began in January with the Microsoft Exchange Server data breach. In the attacks observed, hackers took advantage of four separate zero-day vulnerabilities to access on-premises Exchange servers. This gave them access to email accounts and allowed the installation of additional malware to maintain long-term access to victim environments. As a result, web shells were installed on more than 5,000 unique servers in over 115 countries.
The hack could lead companies to spend more on security software and adopt cloud-based email instead of running their own email servers in-house.
3) Kaseya ransomware attack
In early July, the Russian hacker organization REvil launched a ransomware attack on Kaseya. In a few words, the hackers infiltrated Kaseya, gained access to its customers’ data, and demanded a ransom for its return. The ransomware was delivered through a malicious patch pushed via Kaseya’s VSA server. As a result, as many as 1,500 MSPs and their customers were paralyzed by this compromise of their security.
What makes this attack particularly serious is that Kaseya is an MSP. It has direct access to the inside of many of its customers’ networks, and this makes its systems an efficient vehicle for ransomware.
Ransomware attacks are a growing concern. They usually target critical organizations like universities or hospitals, as these tend to have weaker security defenses. On the other hand, large organizations like Kaseya are also tempting targets because many companies depend on their systems. In addition, hackers may assume that such organizations are more likely to pay a ransom quickly. In any case, ransomware is extremely dangerous, and IT security experts across all industries need to strengthen their security policies.
Read about ransomware prevention and what your business can do about ransomware in our Blog.
4) PrintNightmare and Magniber ransomware
Another ransomware campaign took place this summer when cybercriminals used PrintNightmare to breach Windows servers. In this case, hackers started exploiting the PrintNightmare vulnerabilities in Windows to infect victims with ransomware. PrintNightmare, CVE-2021-34527, is a critical vulnerability in the Windows Print Spooler, a service enabled by default on all Windows clients. Remote code execution through this flaw gives attackers administrative privileges on target systems. They could potentially install programs, move laterally around networks, create new accounts with full user rights, and delete or modify data. This was one of the two original PrintNightmare bugs that started a whole series of vulnerabilities.
Cyber security experts predict that the number of ransomware groups attempting to exploit unpatched networks like this will keep growing as long as it remains effective.
Find more about PrintNightmare and Magniber Ransomware.
5) Twitch data breach
The popular Amazon-owned game-streaming platform Twitch has been the victim of a cyber attack too. With over 30 million average daily users, the company has become very popular recently and therefore a potential target for cyber security threats. At the beginning of this month the company confirmed a huge data breach, with streamers’ earnings and confidential business data being leaked. About 125 GB of data was leaked, including data on Twitch’s highest-paid video game streamers.
The media have defined this breach as “potentially disastrous” because security researchers believe that the cybercriminals may have gained access to the platform’s source code and, most of all, to the payment credentials of its users.
Cyber security expert Kevin Beaumont tweeted: “Twitch leak is real. Includes significant amount of personal data.”
Researchers warn that game companies are a lucrative target for malicious hackers. On one hand, the gaming industry is set to reach almost $200 billion in revenue by 2022. On the other hand, some areas of this industry are still not prioritizing security, and this increases the risk of cyber security threats.
How can MSPs prepare for cyber security threats?
Ultimately, as an MSP, you need to make sure you stay up to date with everything that is going on in the world of security and the latest cyber security threats. You simply cannot afford to hope for the best when it comes to cyber security.
Here are 4 tips you can act on for better cyber security prevention:
Backup data regularly:
Backing up your data regularly is not a form of prevention; it is what saves you in case of a cyber attack. Here is an idea on how to back up your data: follow the 3-2-1 backup rule. Keep 3 copies of your data (1 primary copy and 2 backups), store them on at least 2 different types of storage media (for example a local drive and an external hard drive), and keep 1 of these copies in an off-site location (for example cloud storage). Remember to encrypt your backups so that a lost or stolen backup copy cannot be read. If you become a victim of ransomware or malware, the only way to restore your data is to erase your systems and restore from a recently performed backup.
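The 3-2-1 rule above can be turned into a check that an MSP runs over its backup inventory. This is an added example, not code from the original post; the inventory format, the field names and the sample entries are constructed for illustration, and the freshness check (every backup taken within a maximum age) is an extra rule beyond the three in the text.

```python
"""Check a backup inventory against the 3-2-1 rule (added example, constructed data)."""
from datetime import date

# Constructed sample inventory: one primary copy plus two backups.
SAMPLE_INVENTORY = [
    {"name": "file-server", "role": "primary", "media": "internal-disk",
     "location": "onsite", "encrypted": False, "last_copy": date(2021, 10, 12)},
    {"name": "nas-backup", "role": "backup", "media": "external-disk",
     "location": "onsite", "encrypted": True, "last_copy": date(2021, 10, 12)},
    {"name": "cloud-backup", "role": "backup", "media": "cloud",
     "location": "offsite", "encrypted": True, "last_copy": date(2021, 10, 11)},
]


def check_321(copies, today, max_age_days=1):
    """Return a list of rule violations; an empty list means the inventory complies.

    Rules: 3 copies in total, on at least 2 media types, at least 1 kept off-site,
    every backup copy encrypted, and every backup taken within max_age_days of
    `today` (a stale backup is of little use when restoring after ransomware).
    """
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    media = {c["media"] for c in copies}
    if len(media) < 2:
        problems.append(f"only {len(media)} media type(s), need 2")
    if not any(c["location"] == "offsite" for c in copies):
        problems.append("no off-site copy")
    for c in copies:
        if c["role"] != "backup":
            continue  # the primary (live) copy is not a backup
        if not c["encrypted"]:
            problems.append(f"{c['name']}: backup copy is not encrypted")
        if (today - c["last_copy"]).days > max_age_days:
            problems.append(f"{c['name']}: last copy older than {max_age_days} day(s)")
    return problems


if __name__ == "__main__":
    findings = check_321(SAMPLE_INVENTORY, date(2021, 10, 12))
    for line in findings or ["OK: 3-2-1 rule satisfied"]:
        print(line)
```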
Reduce potential exposure to cyber attacks:
Use the security software that best matches the needs of your organization and keep it up to date. Anti-virus programs and firewalls help you detect malicious code. In addition, you can use network management software to monitor for intrusions and keep an eye on what’s happening on your network. Learn how a network monitoring system like Domotz can help you improve your network security.
Increase your organization’s cyber security culture:
This includes performing IT security assessments, educating employees, putting together an incident response plan, and using a multi-layered approach to keeping data protected. Build a healthy security culture inside your organization and for the clients you serve. Find here 6 ways to develop a security culture from top to bottom.
Rely on a SaaS solution:
It is often safer to rely on the SaaS (cloud) version of a service than on the same application installed on-premises. Firstly, SaaS providers are scrutinized by many parties (e.g. all their customers and partners). Secondly, they often have 24/7 security monitoring and response teams. Finally, as a result, they are faster in responding to threats than an MSP that has to update every customer’s on-premises installation.
Both the Kaseya and Exchange attacks succeeded mainly because, while the cloud versions of the software were promptly patched, the on-premises ones were left unmonitored and unpatched, allowing hackers to exploit well-known (and fixable) vulnerabilities.