The Hottest New Cyber Espionage Target: Your MSP Business

A notice for our international managed service providers on how to protect your practices against “APT10”

By Tara Newman
Director of International Sales and Marketing
RapidFire Tools

As a managed services provider (MSP), it’s your job to protect your clients’ networks from threats. Yet according to a report from global consulting firm PwC UK released this month, cyber criminals are now targeting you, the managed service provider. While you know security is important, and you have likely been encouraging your clients to invest in security services, it’s time to double down on your own internal security efforts.

The group responsible for the recent attacks targeting MSPs is a “China-based threat actor” identified as “APT10.” This group has been effectively launching lucrative cyberattacks across the globe since 2009, and is now focusing its energy on MSPs in a campaign PwC UK has termed “Operation Cloud Hopper.”

As is the case with most data breaches, these attacks start out with a phishing scam, typically in the form of a desirable communication from a reputable organization. Once clicked, the malicious file installs malware. Criminals then use a sophisticated set of custom tools to gain user credentials that allow them to use the MSP’s existing tools to access and exfiltrate sensitive and proprietary customer data.

While the attacks typically come in the form of a phishing email, the strategies and tools being used to target MSPs are so advanced that anti-malware companies often struggle to keep up. Whenever a new threat arises, it takes time to patch the gap in coverage. This means that even with an anti-malware solution in place, your IT network still faces windows of vulnerability.

To bridge those network security gaps, and prevent employees from unwittingly giving cyber criminals unbridled access to your network, it’s important to scan for internal vulnerabilities that anti-malware solutions might miss.

PwC UK estimates that thousands of MSPs across the world—especially in Europe, North America, Australia, and Asia—have already fallen victim to APT10 cyberattacks that expose sensitive customer data.

Why MSPs Are Being Targeted by APT10

As an MSP with direct access to high-profile companies, cybercriminals see your organization as a lucrative target. Instead of trying to compromise ten to 20 separate companies, all these criminals have to do is compromise an MSP’s network to gain entry to data from dozens of other businesses.

Why go after a single fish when you can take down the whole school? That seems to be the mindset of cyber criminals targeting MSPs with phishing attacks that compromise end-customer data.

Why Malware Protection Isn’t Enough Anymore

To protect your MSP business against being the next victim of Operation Cloud Hopper, it’s important to craft an internal security solution that doesn’t just prevent external threats, but also looks for vulnerabilities and threats that are already inside your network.

You might be surprised to learn that, according to Security magazine, internal vulnerabilities are responsible for 70% of data breaches in small and medium-sized businesses (SMBs).

Using a tool to scan for common internal vulnerabilities, such as unusual user behavior, can be an effective and easy way to identify, investigate, and eliminate threats inside not only your network, but also your customers’.

Beyond the security essentials you already have in place, consider adding an internal vulnerability scanner like Network Detector to your existing security toolset. With Operation Cloud Hopper showing no signs of slowing its efforts to compromise MSPs’ client data, it’s important to have extra security measures in place now, to prevent your network from being used as a tool to harm your customers.
