It appears hackers are becoming more zealous and going for bigger game. According to a new report from Reuters, hackers from China have targeted eight major computer firms and MSPs throughout a year-long attack.
The "Cloud Hopper" attacks have hit some major companies such as HPE, IBM, and Fujitsu. The attackers are able to ‘hop’ into client networks after attacking service providers and attempt to steal sensitive corporate and government information. It's currently unclear how damaging these attacks were, the number of victims affected, and what type of information may be compromised.
This threat actor is not generally using sophisticated attacks to gain entry into MSP management platforms. They are utilizing publicly disclosed passwords and walking right through the front door. According to Chris Henderson, Director of Information Security at Datto, the re-use of passwords across platforms greatly increases the risk an MSP faces from this threat actor. To mitigate this risk, your employees should be using a password manager separate from the browser built-in functionality and generating unique passwords. 2FA should be in place for all platforms used to provide services to your clients, especially remote management tools.
“We have seen this threat actor targeting users of major vendors in the MSP space. This is a real threat and should be taken seriously,” said Henderson. We saw a similar threat on a much smaller scale this past fall. The National Cybersecurity and Communications Integration Center (NCCIC) issued an alert after MSPs were the target of advanced attacks, referred to as Advanced Persistent Threat (APT) groups.
As we found in Datto’s State of the Channel Ransomware Report, the majority of MSPs surveyed believed MSPs would increasingly become targeted by ransomware attacks. To learn more about the current landscape of ransomware and how you can avoid falling victim, visit www.datasafellc.com