Threat Intelligence, MSSP, MSP, MDR, Vulnerability Management

Critical Start Arms MSSPs, MSPs with Cyber Threat Intelligence

Credit: Adobe Stock Images

Global cybercrime has shown no sign of decline and is expected to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.

That sobering news comes from Critical Start, a Top 250 MSSP specializing in managed detection and response (MDR) and managed cyber risk reduction (MCRR), via its biannual Cyber Threat Intelligence Report. The report examines the top threats observed in the first half of 2024 along with emerging cybersecurity trends impacting the manufacturing, healthcare, technology, professional services, engineering and construction industries. It also includes strategic insights that are crucial for shaping long-term security postures.

Callie Guenther, Cyber Threat Research senior manager at Critical Start, emphasized how the report can be a valuable tool for MSSPs and MSPs.

“The report highlights evolving threat landscapes, with a particular focus on sophisticated APT activities and emerging TTPs that could affect global operations,” Guenther told MSSP Alert. “MSSPs and MSPs can leverage these insights to anticipate and mitigate high-impact threats, improve threat intelligence sharing with clients, and align their services with the latest adversarial techniques, ensuring robust protection for critical infrastructure and sensitive data.”

Guenther urged MSSPs and MSPs to use the information to help them stay ahead of adversaries, reinforce client trust and drive business growth through enhanced threat detection and response capabilities.

“The detailed analysis of sector-specific threats also allows for tailored security measures, making it a valuable tool for prioritizing resources and refining incident response strategies,” she said.

“A Worrying Trend” in Cyberattacks

The Critical Start Cyber Research Unit (CRU) analyzed 3,438 high and critical alerts generated by 20 supported endpoint detection and response (EDR) solutions, as well as 4,602 reports detailing ransomware and database leak activities across 24 industries in 126 countries. 

The CRU spotted “a worrying trend” in the first half of 2024 with cyberattacks targeting specific industries. Key report findings include:

  • Manufacturing and Industrial Products remain the top targeted industry by cyber threat actors in the first half 2024, leading with 377 confirmed reports of ransomware and database leak hits.
  • Professional Services saw an increase in reported database leaks and ransomware attacks, jumping by 15% compared to 2023 with 351 cases reported vs. 334. Legal services organizations, including courthouses and supply chains have become prime targets due to the wealth of intellectual property and sensitive data they possess.
  • Healthcare & Life Sciences ransomware and database leak incidents surged by 180% in February 2024 compared to the same period in 2023, coinciding with the attack on Change Healthcare and other healthcare providers.
  • Engineering and Construction remained a consistent target for cyberattacks in the first half of both 2023 and 2024. The United States experienced the brunt of cyberattacks in the first half of 2024 with a 46.15% increase compared to 2023.
  • The technology sector experienced a 12.75% decrease (from the first half of 2023) in database leaks and ransomware attacks targeting technology companies

The report also highlights trending concerns for businesses, including:

  • Business email compromise (BEC) attacks. Previously focused on large corporations, BEC scammers are now targeting smaller, less cybersecurity-conscious businesses
  • Deepfakes and social engineering. Findings show a surge in deepfake attacks, with an exponential 3,000% increase in deepfake fraud attempts
  • Abuse of open-source repositories. Attackers are increasingly using these repositories to launch two main types of attacks: repo confusion attacks and supply chain attacks.

Guenther noted that the first half of 2024 has painted a concerning picture of the ransomware threat landscape. Accordingly, Critical Start is continuing to observe a surge in ransomware and database leak activities.

"With bad actors becoming more sophisticated, it is vital for organizations to have a strong security culture and strategy in place,” she said. “Managed detection and response (solutions that integrate asset inventory, endpoint controls security coverage and MITRE ATT&CK mitigations help organizations proactively mitigate risk, leading to a reduced attack surface and a more resilient security infrastructure."

Critical Start Launches New Vulnerability Management Service

Earlier in August, Critical Start brought to market its Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization offerings. These new capabilities enable organizations to assess, manage, prioritize and reduce cyber risk exposure posed by vulnerabilities across their environments, the company said.

The managed service leverages Critical Start's collaboration with Qualys, utilizing its vulnerability management, detection and response solution, Qualys VMDR. 

The Vulnerability Prioritization capability — optionally included with Vulnerability Management Service or available standalone — identifies high-risk vulnerabilities as calculated by Critical Start. These assessments are based on multiple dimensions, including CVSS scores, threat intelligence, exploit weaponization by attack type (ransomware, malware, botnet), asset criticality and exposure settings due to technical security controls gaps. 

"Organizations understand that effective vulnerability management is critical to reducing their cyber risk exposure, but many struggle with the complexity and effort involved in implementing and running an accurate and timely vulnerability management program," Chris Carlson, chief product officer at Critical Start, said in a statement.

"By providing Vulnerability Management Service and Vulnerability Prioritization built on top of end-to-end asset visibility, this key part of our holistic risk reduction approach enables security teams to easily identify, manage, prioritize, and address the vulnerabilities that matter most to meeting their organization's risk tolerance, protecting against threats, and minimizing their overall exposure."

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.

You can skip this ad in 5 seconds