Webinar: Protecting Your SMB Clients from Today’s Cybersecurity Threats

TL:DR; Cloud services distributor Giacom and cyber security experts Acronis recently delivered a webinar about protecting your SMB clients from today’s cybersecurity threats.

The agenda included an explanation of the recent threat landscape and a detailed breakdown of how ransomware works.

Finally, there was a brief tour of the features of Acronis Cyber Protect. Attendees learned how it helps prevent malicious software entering your system, and protects your data.

Webinar: Protecting Your SMB Clients from Today’s Cybersecurity Threats

Presented by:

• Simon Wilson: Account Manager for Giacom
• Candid Wüest: VP of Cyber Protect Research for Acronis

With cybersecurity high on everyone’s agenda these days, as business owners we may sometimes feel that there are much bigger fish for ransomware attackers to exploit. Especially when we see so many big players falling victim to attacks on the news.

However, the truth is simply this: Everyone is a target!

Watch the Replay of the Webinar Below

Threat Landscape 2022

To understand the threat landscape, we need to look at the potential infection vectors for small and medium businesses.  Amongst today’s cybersecurity threats, email is still very much the primary vector, but there are others to consider too.

• Malicious Emails and Phishing: including office documents containing macros and personalised AI spam
• Vulnerable Remote Systems: Exposed VPNs, Unpatched Exchange or DNS, DDoS
• Abusing a Trust Relationship: Abuse infrastructure, software supply-chain and dependency attacks
• Misconfigured Cloud Services: weak authentication, unprotected storage, exposed APIs
• Ransomware Extortion: steal data and uninstall backups, double extortion after initial data breaches

How do They Get In?

The two most common ways cyber criminals get into our systems are:

• Initial Access Brokers – once phishing campaigns are successful, the data is bought and sold on the black market
• Pay an Insider – groups like Lapsus$ and Lockbit 2.0 will try to tempt an insider to provide access details for a percentage of the ransom

Global Ransomware Attacks

In 2021 Acronis blocked 150k ransomware attacks.

In the first quarter of 2022, 3.6% of global ransomware detections originated in the UK. This put the UK fifth on the list worldwide.

According to the Acronis Cyber Protection Week Global Report:

• 68% of SMBs are most concerned about phishing attacks
• 53% of SMBs are most concerned about ransomware attacks

76% of companies experienced some downtime during 2021. The most common causes of the downtime were:

• 52% experienced downtime due to a system crash
• 42% reported human error as the cause of downtime
• 36% reported downtime due to a cyber attack

A Typical Infection Chain

Using the email route as an example, here is how a typical infection chain works:

1. The malicious email contains an attachment, which, once opened, runs a hidden macro
2. The macro will begin downloading via Powershell or will download directly into memory, making it ‘fileless’
3. Once in, the ransomware will begin elevating its privileges, or clone the highest level with the Domain Admin password
4. Then it will spread laterally across the system infecting other machines
5. And finally, it will deliver its payload, stealing your data and locking you out

 

 

Examples of Ransomware Builders

There are many Ransomware builders available on the internet. Some use the command line, while others have their own GUI interfaces which give you other configurable options. Here are three examples of builders and what they do:

• Babuk is a command line executable which creates two files. One is the encryption tool, and the other the decryption tool. The decryption tool would be typically sent to the victim who has paid the ransom to remove the encryption on their data
• Cyborg Builder is a GUI which tells the victim where to pay the ransom
• Chaos Ransomware has other options, such as randomising the file extensions and deleting local backups

It is both illegal and unethical to use these ransomware builders.

This information is just to keep you informed about how they work, and how easy they for cyber attackers to obtain and use.

Spreading the Ransomware

Once the ransomware has been built, the attackers will want to send it around.

They will create an email with a social lure, or a common subject line such as ‘parcel redelivery – urgent action required’ to grab your attention.

The email will contain an attachment with a filename like ‘Invoice.doc’

When you click on the invoice, it will open in Microsoft Word with two pop-ups.

The first is ‘Protected View ‘. By clicking the ‘Enable Editing’ button, you open it fully.

The second pop-up is ‘Security Warning’. By clicking the ‘Enable Content’ button, you let the hidden macro run on your machine.

At this point it’s game over.

Evolving Ransomware Techniques

Ransomware continues to evolve beyond simple data encryption. Once they have full access to your network, they have a number of options to put more pressure on you to pay the ransom.

Further tactics include:

• Double extortion
• DDoS
• Contacting end customers directly
• Triggering GDPR privacy fines
• Checking their cyber insurance policy
• Installing sleeper backdoors in backups
• Attacking the C-level directly for highly sensitive data

Recovering from Large-Scale Attacks is a Challenge for SMBs

Threats like ransomware have evolved to be faster, stealthier and strike harder.

Recovery can be difficult. Prolonged downtime impacts productivity, revenue and reputation.

Large-scale attacks consume a lot of IT resources and slow down the recovery process.

Acronis Cyber Protect’s Comprehensive Protection

When it comes to protecting your SMB clients from today’s cybersecurity threats, MSPs need a reliable and robust security option.

Acronis Cyber Protect is a complete enterprise-level security stack. It comes with a protected, separate backup, and multi-layered protection.

Protection includes vulnerability checks and patch management, URL filtering and behavioural AI monitoring.

Protected backup and disaster recovery protocols mean downtime will be minimal.

The Benefits of Acronis Cyber Protection

• With AI-based automation, there are fewer human errors and faster deployments
• Low cost accessible protection will be a good fit for any size of client
• Scalable cyber protection allows partners to offer higher SLAs to their customers
• Modular deployment gives you control over protection configuration and rights delegation

Where legacy backup and AV solutions can be complex and expensive, Acronis Cyber Protect Cloud offers all its services from one place.

In Conclusion

In conclusion, when talking about today’s cybersecurity threats, you need to be sure that your MSP cybersecurity offering is a comprehensive one.

Ransomware and phishing attacks are on the rise every day, and can target anyone.

It’s not just your client’s business and reputation that you’re protecting. It’s also your own.

Have you been the target of a successful ransomware attack? Or do you have any advice for those who have?

We’d love to hear about it in the comments.

You Might Also Be Interested In

• TubbTalk 113: CyberSecurity, Phishing & Automated Human Risk Management for MSPs
• National Computer Security Day: How to Keep Your MSP Clients Safe
• Could an Automated Revenus Tool Save Your MSP Money?

 

You might like: