Perch Security 2020 MSP Threat Research Report: Key Takeaways
Perch Security, which provides co-managed threat detection and response services to MSPs, is pulling back the curtain on some of its threat research. During a webcast today, the company previewed a Perch 2020 MSP Threat Report to attendees.
Some of the key findings include:
1. MSP Ransoms Are on the Rise: Ransoms associated with ransomware attacks against MSPs rose from $10,000 last year to anywhere from $100,000 to $1 million this year.
2. Ransomware-as-a-Service (RaaS) Is Leading to More Efficient Cyberattacks: RaaS enables cybercriminals to launch ransomware attacks without having to worry about the time and resources associated with running and maintaining their own ransomware.
3. Cybercriminals Often Use Several Initial Attack Vectors: The most-common initial cyberattack vectors include credential stuffing via remote desktop protocol (RDP) or virtual network computing (VNC), vulnerabilities in web applications and spear phishing.
4. Cybercriminals Use a Variety of Ransomware Strains: The most-common ransomware strains discovered in MSP attacks were Sodinokibi, Ryuk, DoppelPaymer and Snatch.
5. Cybercriminals Are Leveraging the ‘Buffalo Jump’ Attack Tactic: Cybercriminals have begun using “Buffalo Jumps,” i.e. instances in which an MSP is breached and more than one managed organization is compromised with malware, to launch ransomware attacks against MSPs with greater frequency and severity than ever before.
How Can MSPs Combat Ransomware Attacks?
Perch offers several recommendations to help MSPs guard against ransomware attacks, including:
- Ensure only authorized users can access appropriate devices and systems.
- Enable multi-factor authentication.
- Remove all publicly accessible servers.
- Develop an incident response plan that includes ransomware tabletop exercises.
If an MSP faces a cyber ransom, it likely experienced a cyberattack weeks or months earlier, Perch noted. With the right approach to prepare for ransomware attacks, MSPs can protect their devices and systems and limit the impact of these attacks.
Perch Security’s financial backers include Fishtech Group and ConnectWise, a provider of business automation and IT management tools to MSPs and technology solutions providers. Perch’s overall partner strategy spans MDR and SOCaaS (security operations center as a service) for MSP partners.