We’ve all watched enough TV and movies to recognize the stereotype of the computer hacker in the hoodie, the lone wolf wreaking online havoc from their messy basement bedroom. While solitary saboteurs of that sort aren’t unheard of, the truth of the matter is that modern cybercrime is a big business, and modern cybercriminals are generally well-organized, well-funded, highly trained, and motivated by profit. And there’s a lot of profit to be had — around $1.5 trillion annually, or three times the annual profits generated by Walmart.
It makes more sense, then, to ditch that Hollywood stereotype and, instead, think about cybercriminals as what they are: organized criminal organizations. The range of crimes that make up most of their portfolios could come straight out of an old gangster movie. Theft, extortion, intimidation, blackmail, and vandalism are all rampant online. The organizations responsible are generally run in much the same way as legitimate businesses, with teams dedicated to areas like product development, technical support, training, marketing and communications — even customer service. After all, someone has to deal with “customers” in order to collect ransomware payments.
Let’s take a closer look at the professional world of cybercrime, and what measures managed service providers (MSPs) can take to defend their clients against it.
Know Your Threat Actors
As with real-world crime, cybercrime comes in many forms, each with its own methods and motivations. Understanding the criminals behind the cyberattacks can go a long way toward keeping your customers and your organization prepared and protected. There are six key groups that play an outsized role in the world of online crime:
Organized Cybercrime Gangs
Cybercrime gangs are in it for the money. Their main goal is to access valuable personal, financial, or health data and resell it on the dark web. They make use of sophisticated peer-to-peer networks, encryption technologies, and digital currencies to hide their tracks. They move as quickly and efficiently as any heist crew and are just as hard to nail down.
Nation-State Sponsored Threats
State-sponsored hackers employ many of the same techniques as organized crime gangs, but their motivations and targets tend to differ. Their attacks are backed by governments or political organizations and usually carried out against other governmental or political entities, including infrastructures. State-sponsored cybercrime is often focused on stealing information that can be used in espionage, redirecting or stealing funds from rival governments, or creating disruptions in government functions and services. With access to deep bank accounts and high-end technology, these are some of the toughest criminals to counteract.
Insider Threats
Sometimes the biggest risks come from the inside. Employees within an organization have far easier access to sensitive materials than outside attackers do, and often have the added motivations of spite or grievances against the company. The chance to do damage to an employer can sometimes be a bigger motivator than pure profit. And not all internal threats are malicious — a careless or under-trained employee can put an organization at serious risk by leaving digital gateways open, falling for phishing scams, or any number of other lapses in basic cybersecurity.
Ransomware-as-a-Service Operators
Of all the strains of cybercrime, ransomware gets the biggest and most alarming headlines, and with good reason. Ransomware-as-a-service (Raas) is a booming business in which groups or individuals sell ransomware tools to affiliated bad actors. After that software has been deployed and a ransom has been collected, the affiliate and the operator both get a cut of the profits. It operates on the same principle as affiliate marketing, but with a much darker endgame.
Novice Attackers
Novice attackers tend to be young, inexperienced, and often sloppy in their techniques — but that doesn’t make them any less dangerous. These are frequently aggressive hackers who are willing to take risks that more seasoned cybercriminals might not as they try to “build their brand.” Of particular interest to MSPs, these criminals often target small businesses with smaller security budgets, those whose defenses are usually easier to breach than more visible targets.
Black Hat Attackers
Named for the villains in old Western movies, black hat attackers are often the most purely malicious of cybercriminals. While they may be associated with larger groups, these are essentially rogue freelance hackers who hire themselves out based on their specific skill sets. That could be phishing, installing ransomware, operating remote access tools, or any number of other criminal activities. Financial gain is a key motivator for black hat criminals, but they may also be out for revenge against a particular business, looking to make a political or social statement against a particular industry, or just seeking to sow chaos across an organization because they can.
Learn more about the six major categories of threat actors.
What Is the Risk for Managed Service Providers?
Small and midsize businesses turn to MSPs to manage and monitor their cybersecurity function, since they typically lack the budget and resources to handle security in-house. That’s one of the things that makes working with an MSP such a sound business decision for so many organizations, but it's also cause for MSPs to be more concerned about their own security measures.
Because MSPs generally work with a wide base of customers, they can be said to hold the keys to many kingdoms — troves of personal data, financial information, and other materials that are irresistible to cybercriminals. The fact that MSPs often manage a geographically disparate customer base via remote administration tools only makes them a more appealing target. After all, why spend your energy infiltrating businesses one by one when you can do just as much damage by breaching an MSP that can give you access to multiple businesses at the same time?
Looking at it from that angle, it’s no surprise that cyberattacks on MSPs have been climbing rapidly in the past several years. That creates a real risk for MSPs of all kinds — if the provider a customer hires to protect their sensitive data ends up exposing it instead, it won’t take long for customers to lose trust in hiring MSPs for security purposes. That makes it all the more important for MSPs to implement robust, holistic security measures for themselves and their customers.
That includes making a concerted effort to understand the unique online vulnerabilities of each customer and their industry, making certain that all of your remote administration tools are kept up-to-date at all times, and advising customers to use multi-factor authentication and limit administrative access to only those employees who truly need it. That can be a tall order for an MSP with a broad range of diverse clients to manage, which is why many MSPs are opting to rely on a third-party solution to shore up their cybersecurity efforts.
Protect Your Customers
Cybersecurity is a major undertaking, especially for managed service providers striving to protect the data of multiple customers at the same time. Considering that most of those organizations deal with upwards of 10,000 security alerts each day and don’t have full visibility into their own security infrastructures, the order becomes even taller.
An Arctic Wolf partnership offers MSPs broad visibility across your and your customers’ endpoints, network, and cloud environments. Our cloud-native Security Operations Platform processes over 2 trillion events per week and enriches them with threat intelligence and risk context to enable faster threat detection. To put it simply, your customers’ online security is too big of a concern to be entrusted to anyone without the reach, experience, and dedicated knowledge to make it their first priority. Contact us today to see how we can keep you, and your customers, protected in the age of growing cybercrime.
Guest blog courtesy of Arctic Wolf. Read more Arctic Wolf guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.