ChannelVision Magazine

CYBER PATROL According to the just-released 2020 Threat Report , which examines the latest adversarial techniques and tac - tics analyzed by BlackBerry Cylance, managed security service providers (MSSPs) became “high-value targets” for threat actors in 2019, as a new ransomware called Sodinokibi caused mass disruption by infiltrating hosted environments. Compromising MSPs and MSSPs allowed threat actors to easily distribute attacks against mul - tiple organizations, said the report, “a tactic likely to draw more attention in the future.” According to Blackberry Cylance findings, ransomware called Sodi - nokibi/Sodin/REvil appeared in the wild sometime in mid-2019. This ransomware targeted businesses and caused mass disruption in some U.S. government agencies. “Similar to GandCrab, the technical details of Sodinokibi are fairly mundane,” said the report, “but its deployment meth - ods are noteworthy.” In most cases, the initial compro - mise occurred via targeted phishing attacks aimed at managed service providers and MSSPs managing IT and security within the target orga - nization. The threat actors would leverage a foothold in the target or - ganization by using remote manage - ment tools such as Go2Assist or Nin - jaRMM, explained Cylance research - ers. Once inside, attackers deployed common tools including Passcape’s password recovery tool to steal cre - dentials. Threat actors also accessed servers hosting security software and disabled them. Next, the attackers connected to domain controllers and used existing software deployment tools to push ransomware to every machine in the environment. “MSPs and MSSPs are proving to be high-value targets for threat actors,” said the report. “Once attackers estab - lish a foothold, they can easily pivot to the hundreds of other diverse and vul- nerable targets in the environment.” Making sure MSPs and MSSPs use effective cybersecurity tools, the report warned, will be critical for or - ganizations in 2020. “New techniques to obscure mali - cious payloads and distribute attacks across multiple organizations paid off for threat actors in 2019,” said Eric Cornelius, chief technology officer at BlackBerry Cylance. “With the increasing ease of access to attack toolkits combined with the explosion of endpoints connected to organiza - tions’ networks, the global threat landscape for emerging threats will only continue to escalate in 2020.” Keyfactor Launches Partner Network Keyfactor, which specializes in se - curing digital identities, has launched a global channel partner program for its SaaS-based solution and appointed BJ Ferguson as head of global channel sales and operations. The program – which targets solution providers, strategic OEM and distribution alliances and systems integrators – features aggressive sales margins and access to education, certifi - cation programs and marketing develop - ment funds, said the company. “Cryptographic best practice is modern - izing public key infrastructure (PKI) tool - ing and processes, yet the industry lacks a center of excellence that can support enterprise-wide best practices,” explained Jordan Rackie, chief executive officer at Keyfactor. “The Keyfactor Partner Network brings together best-in-class PKI technol - ogy and solution providers, making critical digital identity management resources broadly available to all enterprises.”. “ “Many organizations are trying to manage PKI in-house through legacy processes, which are no match for today’s complex security risks,” said Ferguson. “The Keyfactor Partner Network makes it easier to manage enterprise PKI chal - lenges – it brings an innovative network of partners together to solve companies’ evolving cryptography requirements.” Cybercriminals Turn Focus to MSSPs Top Overall Attack Industry Targets arket Source: Blackberry Cylance 51% 22% 18% nds IT 31% 46% Retail and Whole sale Technology – Software Healthcare Service Provider Business Services, NEC Manufacturing Finance – Banking/Investments Government – Local/Education Education Services Technology Software Other 11% 23% 9% 7% 6% 5% 5% 5% 4% 3% 22% ion Strategy According to a new study from Blackberry Cylance, the retail and wholesale vertical remained the most targeted sectors in 2019, when almost a quarter (23 percent) of all retailers suffered a compromise of sensitive financial information. Likewise, three of the most prevalent threats of 2019 – Emotet, Ramnit and Upatre – all focused on retail organizations. Coinmining operations also had a focus on retailers, said Cylance researchers, with 47 percent of attacks impacting that sector. Retail Remains Top Target 50 CHANNEL VISION | March - April, 2020