BEC and the multiplier effect: for the MSP

Email scamming has evolved into something far more effective and profitable. One of the earlier and well-known email scams was the Nigerian Prince email. As I’m sure you recall, these emails would offer you something along the lines of $20 million in exchange for transferring funds out of Nigeria. Today’s attacks are much more sophisticated, as state-sponsored and organized crime syndicates use spear phishing, invoice scams, and employee payroll direct deposit changes, along with a host of others. These threats, often called Business Email Compromise (BEC), resulted in $12 billion in losses from December 2017 to May 2018, according to the FBI. The losses continue to rise year after year. The attacks are conducted by very organized and disciplined criminal organizations. They target just about anyone who has money to pay and have zero remorse over those they victimize.

Today’s attacker is well-trained and experienced. They are more likely to be patient and take time studying an organization’s core business systems, vendors, and key personnel. Many of these criminal organizations have organizational structures, operational goals, financial records, and more. They employ techniques that make it very difficult to trace their whereabouts. When it comes to wire fraud, they often launch their attacks using impersonation techniques.

Managed Service Providers (MSPs) are not immune to these attacks either. Large and mature providers have recently been in the news as victims of cyberattacks ranging from ransomware to Office 365 tenant compromises. As an Incident Response and Forensics organization, we have been called into a number of these cases and they are not pretty. Emotions run high and the victim sees its days numbered as it is completely crippled by an attack. There are some basic steps that all MSPs should be taking internally and absolutely taking with their customers. Some of the blocking and tackling tasks come down to:

  • Security awareness training and phishing testing
  • Aggressive vulnerability management
  • Multi-factor authentication
  • Routinely auditing security settings across all platforms (e.g., servers, Office 365, firewalls, and more)
  • Maintaining current written security policies and ensuring the organization is abiding by them
  • Adding cybersecurity into your hiring processes (e.g., background checks, interview questions around cybersecurity)
  • Network and endpoint threat detection and log collection, analysis and reporting
  • Robust and bulletproof backups – backups that can be restored in a reasonable amount of time and are protected from the most common ransomware attacks

The MSP continues to be a target. It has a multiplier effect for the cybercriminal, as the MSP is a gateway to countless other victims (i.e., a single point of failure). By ensuring you have sound and secure practices in place within your organization, you can help ensure you are not the attacker’s doorway to victimizing your customers.

Chris Loehr
Guest Author

Chris Loehr is a 20+ year cybersecurity and IT veteran. Much of Chris’ experience comes from working in the financial services industry, where banks and firms were required to have sound and mature cybersecurity plans in place. In 2017, Solis Security began a focused effort on incident response. Leveraging their existing IT and cybersecurity capabilities, Solis Security has been able to assist small and medium-sized organizations facing extremely dire circumstances. Solis Security is able to return these organizations to operations very quickly while ensuring that the data required for forensic analysis is preserved. Solis Security has also been a resource for managed service providers across the country, providing advice and support with improving their cybersecurity postures, as well as helping their clients become more secure.