Multiple Angles of Attack
MSP security today requires multiple levels of protection. It is common to see a cybercriminal use multiple avenues of approach to trick a client. Three very common methods you will see today are:
- Spear Phishing
Spear phishing is a situation where a hacker tries to get a client to send them money through fraudulent means and social engineering. The hacker finds a mental vulnerability to exploit.
In the military, discipline, rank, and following orders determine a great variety of daily activities. Demeanor is often an important aspect of the social construct that defines the military. As a result, an individual who understands this social construct and can obtain the proper insignia may talk his way to the top brass on a given base without having any true authority to do so. A stark and dramatic example, perhaps, but many hackers are doing just the same. They are dressing up their attacks to fit the social conventions of the targets they are seeking to undermine.
The spear phishing technique most often features impersonation. The hacker will take on the identity of someone close to the target. A good example involves a mortgage on a home. A hacker may send a message saying the brokerage's bank has changed and asking that payments be wired to the new one. The message will come under the name of the homeowner’s broker. However, one detail gives the fraud away: the spoofed sender address.
An email address with the name of someone well known to a homeowner, but a different ending, could be, and likely is, fraudulent. For example, if your broker’s email is “MyGoodBroker@gmail.com”, you may find the “spoofed” message comes from “MyGoodBroker@gmx.com”. Only three letters are different, and the human eye is likely to slide right over them without registering the change.
Someone not paying close attention could send thousands of dollars right into a hacker’s account and not realize it until the dust settles. That is exactly the hacker's plan. Thankfully, such identity-based spear phishing attacks can be overcome effectively through education from your MSP security agency. Your clients need to know where their vulnerabilities are and how to overcome them. It is good to schedule a meeting with your client's staff to impart simple security tips. Some other means of securing clients include:
- Real-time artificial intelligence impersonation/spear-phishing prevention
- Domain fraud visibility through authentication methods
- Protection against domain spoofing
- Protection against brand hijacking
- Attacks simulated against individuals at high risk within client organizations
To prevent cybercrime that incorporates social-engineering techniques, one solution many MSPs are turning to today is artificial intelligence. AI engines available today can follow trends and help fortify clients in a proactive and continuous way by spotting questionable communication and flagging or deleting it. From there, your MSP should ensure email networks have authentication that additionally sifts out fraudulent messages. Authentication can also help prevent both domain spoofing and brand hijacking. Finally, you want to simulate these attacks on high-risk clients so that they understand what such phishing swindles look and feel like.
There are nigh-endless configurations of cybercriminal attacks, which combine the elements described here with entirely novel areas of approach. There was a massive DDoS attack towards the end of 2016, which affected a large part of the East Coast. It was done through Trojan programs hiding in third-party applications and activated at a particular time. In the same year, the DNC was hacked and so was a transit system in San Francisco. In May 2017, the WannaCry ransomware worm used SMB ports that had not been properly patched to infect businesses across the planet, in around 150 countries, to be precise.
Cybercrime is an expanding industry appraised at $2 trillion by 2019. Your clients need protection, education, and cutting-edge MSP security solutions. It is as integral a requirement for your organization to remain on the cutting edge as it is for you to keep your clients up to date. When hacking goes beyond technology and employs the human element, as it has, vulnerabilities multiply.
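The gmail.com/gmx.com swap described above can also be caught mechanically rather than by eye. The following Python sketch is an added example, not code from the original article or from any vendor product; the address book `KNOWN_CONTACTS` and the function names are hypothetical, and the sample addresses are the article's own. It flags a sender whose mailbox name matches a verified contact at a different domain, or whose whole address is within two edits of one.

```python
from email.utils import parseaddr

# Constructed address book: addresses the client has verified out of band.
KNOWN_CONTACTS = {"MyGoodBroker@gmail.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def split_address(header_value: str):
    """Return (local, domain) from a From header, compared case-insensitively."""
    _, addr = parseaddr(header_value)
    local, _, domain = addr.lower().rpartition("@")
    return local, domain

def classify_sender(from_header: str, known=KNOWN_CONTACTS, max_dist=2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From header value."""
    local, domain = split_address(from_header)
    if not local or not domain:
        return "unknown"
    contacts = [split_address(k) for k in known]
    if (local, domain) in contacts:
        return "trusted"
    for k_local, k_domain in contacts:
        # Same mailbox name at another domain. gmail.com -> gmx.com is three
        # edits apart, so a distance threshold alone would miss this case.
        if local == k_local and domain != k_domain:
            return "lookalike"
        # Whole address off by a character or two (e.g. o replaced by 0).
        if edit_distance(f"{local}@{domain}", f"{k_local}@{k_domain}") <= max_dist:
            return "lookalike"
    return "unknown"
```

A mail filter would hold or tag messages classified as `lookalike` for manual confirmation with the real contact before any payment instruction is acted on.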