Cybersecurity Advice for MSPs: Keep your car doors locked

Managed service providers can help prevent the most successful cyberattacks by simply locking their doors when protecting the SMB market. My neighbor is a chief of police in a nearby community, and he has been constantly chastising me for leaving my car unlocked. He says there are two types of car thieves: one, organized thieves who target specific vehicle types using sophisticated techniques, and two, people walking through parking lots trying every door in the hope that someone like me has left their car unlocked. Which of these attack methods do you believe is responsible for the most thefts?
Hollywood would like you to believe it's a sophisticated crime ring. But I think we all know it's not.
How are MSP customers actually attacked?
The same is true of cybercrime: popular media coverage would suggest that it is most often the work of nation-state actors such as Russia, Iran and China. Many high-profile breaches have been characterized by the presence of highly trained and organized groups, state-sponsored or at least tacitly authorized, that engage in targeted surveillance and highly patient attack methods. These high-profile breaches are only a fraction of all successful breaches, and nearly none of the attacks against SMB customers of many MSPs.
While state-sponsored criminals won't be interested in a $75,000 ransomware strike against the local General Motors dealerships, there are many cyber criminals that are. The tools required to secure that ransom can be purchased on the dark net (or for free elsewhere). They find their victim organizations the same way as a car thief in a parking lot: through trial and error.
Automated Tools Spread Their Venom
Cybercriminals use automated scanning tools to scan the internet in just minutes. They search for open ports exposing services with vulnerabilities that can then be exploited using off-the-shelf software (exploits). They may also send phishing emails to random network email addresses in an attempt to find unlocked cars. These attacks are not only impersonal but also automated. When you hear about a ransomware attack on a local animal hospital, it's not because the attacker targeted it (or doesn't like cats). It was because their network had a vulnerability that was randomly discovered by an automated scan, or because an employee clicked on a phishing email attachment, one of many thousands sent by the attackers to SMBs worldwide.
98% of Firewalls Facing High-Risk Threats
How common are these automated scans, you ask? Dark Cubed's August 2021 threat-blocking study for SMB firewalls through MSP partners found that 98% of firewalls had high-risk threats probing their networks via known malicious IP addresses. SMBs should be aware that it is not a question of if but when their network will be scanned for vulnerabilities by bad actors.
Phishing attacks are also extremely successful because the bad guys only need one click. Although phishing training can reduce the number of clicks from employees, it cannot eliminate them. And although patching vulnerabilities sounds great on paper, IT professionals will tell you that it is difficult, time-consuming and resource-intensive work. Newly installed software can also cause problems with the software around it. The sheer number of vulnerabilities that need to be addressed can overwhelm even the most experienced IT departments. SMBs with limited resources will find it difficult to accomplish this mission.
Bad Guys Have Vulnerabilities Too
The good news is that these spray-and-pray attacks against the SMB community are controlled from known-compromised infrastructure. This means that when bad guys use a specific server or device for their attacks on SMB targets, word quickly spreads among threat intelligence sources about the compromised devices, giving the SMB defenses an advantage.
Automated scans launched from high-risk IPs can be blocked, preventing them from finding network vulnerabilities. And even when an employee clicks on a phishing email and gives attackers a foothold on the SMB network from which an attack could be launched, the device controlling the attack can be quickly blocked. This effectively stops the attack before any data can be encrypted and other damage can be done.
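The check described above can be sketched in code. This is an added example, not from Dark Cubed or the original article: it matches firewall log lines against a threat-intelligence feed and separates inbound probes from outbound connections to attacker-controlled devices. The feed entries, log format, internal range and function names are all constructed assumptions.

```python
import ipaddress

# Constructed feed: documentation ranges stand in for known high-risk
# infrastructure (assumption, not real indicators).
HIGH_RISK_FEED = ["198.51.100.0/24", "203.0.113.45/32"]
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed SMB LAN range

# Constructed firewall log: "<time> <action> <src> <dst> <dst_port>"
SAMPLE_LOG = """\
2021-08-01T10:00:01 ALLOW 198.51.100.7 10.0.0.5 3389
2021-08-01T10:00:02 ALLOW 192.0.2.10 10.0.0.5 443
2021-08-01T10:05:30 ALLOW 10.0.0.23 203.0.113.45 8443
2021-08-01T10:06:00 ALLOW 10.0.0.23 192.0.2.80 443
not a log line
"""

def load_feed(entries):
    """Parse feed entries (single IPs or CIDR ranges) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def evaluate(log_text, feed, internal=INTERNAL_NET):
    """Return (kind, time, src, dst, port) for traffic touching the feed."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the whole run
        ts, _action, src, dst, port = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if dst_ip in internal and any(src_ip in n for n in feed):
            # The "unlocked car door" check: a scan arriving from a listed IP.
            findings.append(("inbound_probe", ts, src, dst, port))
        elif src_ip in internal and any(dst_ip in n for n in feed):
            # An internal host reaching a listed device, e.g. after a phish.
            findings.append(("outbound_callback", ts, src, dst, port))
    return findings

def block_list(findings):
    """External addresses to block at the firewall, in both directions."""
    return sorted({f[2] if f[0] == "inbound_probe" else f[3] for f in findings})

def hosts_to_investigate(findings):
    """Internal hosts that contacted listed infrastructure."""
    return sorted({f[2] for f in findings if f[0] == "outbound_callback"})
```

The outbound case matters as much as the inbound one: blocking the listed address cuts the control channel, but the internal host that made the connection still needs to be examined.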
Cybersecurity is populated by highly skilled, technical people. This is usually a good thing since the bad guys can also be smart and technical. The flip side is that cybersecurity is too complicated, especially for women.