Cloud backup vendor says remote monitoring tools can give bad actors access to clients’ applications and data
Cloud backup and recovery software maker Asigra is warning its network of MSPs of the growing threat ransomware poses to remote monitoring and management (RMM) platforms that are used by service providers and their customers.
The Lowdown: RMM solutions enable MSPs to remotely manage and monitor their clients’ systems, devices, and networks, giving cybercriminals that compromise these platforms access to end users’ applications and data, Asigra told MSPs this week.
The Details: Asigra officials said MSPs need to be aware of the threat to RMM offerings, which require that an agent be installed on everything from enterprises’ servers, workstations, and PCs to hypervisors, networking systems, and mobile devices. When managed services providers use RMM platforms with integrated backup solutions, it creates a single point of access to multiple customers, opening up the opportunity for bad actors to send out their ransomware code to each client and hamper backups.
This capability makes MSPs an attractive target for cybercriminals, the company said.
Asigra outlined three steps MSPs can take to protect RMM platforms from such threats:
>Train employees: Make them aware of targeted phishing attacks, which is how most ransomware gets into the network.
>Separate data protection, RMM solutions: MSPs should also stay away from integrated solutions; keeping the two separate will make it more challenging for attackers to launch their ransomware attacks.
>Choose the right backup solutions: Some backup offerings make it impossible for ransomware or any malware to delete the backup. In addition, opt for backup software that prevents ransomware infection by scanning both backup and recovery streams.
The Impact: MSPs, with their growing lists of customers and deep access into their IT environments, are becoming attractive targets of cybercriminals. The FBI and Department of Homeland Security two years ago warned MSPs and cloud services providers that bad actors wanted to exploit them to get to their customers, and others – including Continuum and MSPAlliance – have also put out warning signals. Vendors like Barracuda Networks and Axcient also are rolling out anti-malware tools aimed at MSPs.
The Buzz: “Once RMM administrative privileges are compromised by a criminal hacker using tried, true, and very effective methodologies such as phishing, website hijacking or malicious advertising,” said Marc Staimer, principal analyst for DragonSlayer Consulting. “The criminal party identifies the MSP employee targets and begins to attack.”
“In many technology segments, the centralization of computing processes provides great value. However, tight integration of RMM and data protection is an area where extreme caution is warranted when it comes to backup/recovery design,” said Eran Farajun, executive vice president at Asigra. “The density of high value data in many RMM environments is too alluring for criminal hackers to avoid, making it incumbent upon the MSP to architect a bulletproof data recovery model. For the strongest protection, services professionals are advised to disentangle RMM and backup to ensure system recoverability.”