Managed security service providers (MSSPs) are among the hardest hit in the information technology (IT) and communications sector by hackers going after backup systems as door openers to malware campaigns, according to Darktrace, a Cambridge, UK-based cybersecurity artificial intelligence (AI) provider.
Cyber attackers are making a “beeline” for backup servers to disable or corrupt files by deleting a single index file that would render all backups inaccessible, Darktrace said. In effect, hackers are following the scripts laid out in the SolarWinds and Kaseya attacks. In those instances, bad actors attacked managed service providers (MSPs) to launch downstream, supply chain ransomware attacks against their clients, subsequently forcing victims to meet their payment demands.
In 2021, cyber crews appear to have shifted their primary targets to IT and communications from the financial sector, said Justin Fier, Darktrace’s cyber intelligence and analysis director. “Over the last 12 months, it is clear that attackers are relentlessly trying to access the networks of trusted suppliers in the IT and communications sector,” Fier said. “Quite simply, it is a better return on investment than, for example, going after one company in the financial services sector.”
Darktrace said its data relies on early-indicator analysis, which examines the breadcrumbs of potential cyber-attacks several stages before they are attributed to any particular actor and before they could escalate.
Additional findings from the study include:
Artificial intelligence autonomously interrupted an average of 150,000 threats per week against the IT sector in 2021.
Email was the most common malware tactic, with organizations in the IT sector receiving an average of 600 unique phishing campaigns a month in 2021.
Threat actors often use software and developer platforms as entry points into other high-value targets, including governments and authorities, large corporations, and critical infrastructure.
“The reality is that attackers are patient and creative,” Fier said. “They will usually go right through the front door by compromising trusted suppliers in the IT and communications industry. To downstream customers, it appears as business as usual and is just another application or piece of hardware from a trusted supplier.”