Cybersecurity daily news

MSSP Market News: Chinese Salt Typhoon Targets US Broadband Providers


We are one week away from MSSP Alert Live in Austin, Oct 14-16, our annual in-person event. We launched this event to give our community of MSSPs and cybersecurity-minded MSPs a way to meet in-person and in real time and share their best practices and experiences.

There’s no better event for service providers in the cybersecurity channel. This year we are taking it a step further by unveiling the MSSP 250 2024 list at MSSP Alert Live. This list of the top MSSPs in the world is available only from MSSP Alert. At our live event we'll honor and celebrate this elite group with a poolside party. Whether you are on the list or aspire to be, there's no better place for you to be to learn more about the MSSP business. You should come.

Plus, we’ve got an amazing lineup of expert speakers and panelists sharing their experience and knowledge to help accelerate your cybersecurity practice and your business. If you are an MSSP and/or MSP, I can get you a special rate to attend. Get in touch with me at [email protected] and I will hook you up.

And as always, please send your news, tips and insights to me at [email protected].

Today’s MSSP Market Update

1. Chinese cyberattack targets comms data - A new cyberattack by Chinese hacking group Salt Typhoon hit the networks of U.S. broadband providers including Verizon, AT&T and Lumen Technologies and appears to be geared toward intelligence collection including lawful U.S. requests for communications data, according to a Wall Street Journal report.

2. Rackspace breach linked to zero-day vulnerability - Arctic Wolf is reporting that a recent Rackspace breach that was first reported on September 24 has been linked to a zero-day vulnerability in ScienceLogic’s SL1’s third-party utility. Rackspace has indicated that the breach was limited to performance monitoring data of low-security sensitivity. This data included customer account names and numbers, customer usernames, Rackspace internally generated device IDs, names and device information, device IP addresses, and AES256 encrypted Rackspace internal device agent credentials.

3. Protecting against password spray attacks - Huntress is taking a closer look at the Microsoft “Midnight Blizzard” attack first reported by the software giant at the beginning of 2024. This password spraying attack offers lessons to anyone responsible for defending Microsoft 365 environments. Huntress says a key aspect in hunting for password spray attacks is understanding what “normal” looks like for an organization. Check out the blog post here.

4. SOC insights reveal Trojan malware - Blackpoint Cyber reports that its SOC responded to a total of 703 incidents across on-premises, Microsoft 365 and Google Workspace protected environments during the week of Sept. 25 to Oct. 2. Events included Trojan malware likely for collection of sensitive data, PowerShell scripts in an attempt to collect sensitive data, and Trojan/stealer malware likely for credential access. Read more in the blog post here.

5. Business email compromise accelerating - Check Point reports that its Harmony Email & Collaboration cyber security researchers have caught over 5,000 spoofed Microsoft notifications over the last month. The company points out that Microsoft is one of the most frequently impersonated brands, used by scammers to deceive email recipients. Check Point notes that business email compromise is accelerating and offers several measures organizations can take to sidestep email-based threats in a recent blog post.

6. Automation aids alert fatigue for SOC technicians - A new blog post from LevelBlue, AT&T’s cybersecurity organization, notes that streamlining SOC (security operations center) processes can help with alert fatigue, which is a big and growing problem for SOC technicians. Filtering false positives and prioritizing real threats are among the recommendations, and the full post is available here.

Looking for more news and a list of industry events? Check out the daily news column on our affiliate site ChannelE2E here.

Jessica C. Davis

Jessica C. Davis is editorial director of CyberRisk Alliance’s channel brands, MSSP Alert, MSSP Alert Live, and ChannelE2E. She has spent a career as a journalist and editor covering the intersection of business and technology including chips, software, the cloud, AI, and cybersecurity. She previously served as editor in chief of Channel Insider and later of MSP Mentor where she was one of the original editors running the MSP 501.