Cybercriminals targeting MSSPs and MSPs

Cybercriminals are viewing the channel as an attack point to spread ransomware, according to the BlackBerry Cylance 2020 threat report.

Managed security service providers (MSSPs) and managed service providers (MSPs) in particular are firmly in the sights of the cybercriminals.

The report said: “Advanced persistent threat groups and other adversaries released updated malware and displayed innovative attack techniques throughout 2019. Their focus on improving encryption routines and concealing malicious payloads through steganography raised the bar for security researchers and threat detection solutions.”

Cybercriminals could widely distribute attacks by compromising managed security service providers and infiltrating their customers’ environments, the report said.

MSSPs were increasingly being targeted by criminals looking to get ransomware deployed at the user level.

“In most cases, the initial compromise occurred via targeted phishing attacks aimed at MSPs and MSSPs managing IT and security within the target organisation. The threat actors would leverage a foothold in the target organisation by using remote management tools like Go2Assist or NinjaRMM”, the report stated.

“MSPs and MSSPs are proving to be high-value targets for threat actors. Once attackers establish a foothold, they can easily pivot to the hundreds of other diverse and vulnerable targets in the environment. Making sure MSPs and MSSPs use effective cybersecurity tools will be critical for organisations in 2020.”