February 04, 2020
Collaboration: The Key to Cyber Protection
According to the “Official 2019 Annual Cybercrime Report”, cybercrime is the world's largest criminal growth industry and will cost companies across the world $6 trillion annually by 2021. As cybercrime wreaks havoc on a global scale, it is more important than ever for technology vendors, MSPs, and SMBs to combine our efforts and expertise to stay ahead of threat actors and protect ourselves and each other.
In July 2019, I met with Kyle Hanslovan and John Ferrell, VP of ThreatOps at Huntress, to discuss this exact challenge. As a result, the very first grassroots MSP-ISAC was established for vendors in the MSP community, where we can share experiences and work together to fight off attackers. We now have the ability to find and resolve threats, and identify new behavioral patterns and methods of cybercrime to stay ahead of these highly sophisticated threat actors.
Zero Day: MSP-ISAC Put to Work
In the short time it has been active, the MSP-ISAC has led to some valuable findings. During a typical routine dark web monitoring practice in October 2019, our team identified a threat actor who we, along with Huntress, later discovered was looking to sell an MSP’s Virtual Private Server (VPS) control panel on the dark web for $600 in cryptocurrency. Datto shared the post with the MSP-ISAC community, and given the Huntress team’s background in cyber operations at the National Security Agency (NSA), they were more than up for the challenge to stop the attacker.
The primary goal was to identify and help the MSP, but the secondary goal was to get a better understanding of the threat actor, what new challenges it could present, and what its motivations and tactics were. It isn’t every day that cybercriminals engage with their target, unwittingly offering insight that’s otherwise enigmatic to the good guys.
After monitoring their every move, Huntress successfully engaged the attacker by making a bogus offer in order to gain additional intel and eventually identify the targeted MSP, so they could start remediation. Once the MSP and its vendor were identified, the vendor successfully took it from there.
While this instance had a positive resolution, these types of attacks happen on a regular basis. The key takeaway here is that none of this would have been possible if it weren’t for each individual’s commitment to collaboration. We are proud to be members of the MSP-ISAC community and willing to share our expertise, learn from others, and grow stronger together to combat this endemic threat.
For a deeper look at the events that took place in October 2019, check out Huntress’s blog.