Cloud backup vendor says remote monitoring tools can give bad actors access to clients’ applications and data
Cloud backup and recovery software maker Asigra is warning its network of MSPs of the growing threat ransomware poses to remote monitoring and management (RMM) platforms that are used by service providers and their customers.
The Lowdown: RMM solutions enable MSPs to remotely manage and monitor their clients’ systems, devices, and networks, giving cybercriminals that compromise these platforms access to end users’ applications and data, Asigra told MSPs this week.
The Details: Asigra officials said MSPs need to be aware of the threat to RMM offerings, which requires that an agent be installed on everything from enterprises’ servers, workstations, and PCs to hypervisors, networking systems, and mobile devices. When managed service providers use RMM platforms with integrated backup solutions, it creates a single point of access to multiple customers, opening up the opportunity for bad actors to send out its ransomware code to each client and hampering backups.
This capability makes MSPs an attractive target for cybercriminals, said sources at the company, outlining three steps MSPs can take to protect RMM platforms from such threats:
> Train employees: Make them aware of targeted phishing attacks, which is how most ransomware gets into the network.
> Separate data protection, RMM solutions: MSPs also should stay away from integrated solutions, which provide a single access point to attackers.
> Choose the right backup solutions: Some backup offerings make it impossible for ransomware or any malware to delete the backup. In addition, MSPs should opt for backup software that prevents ransomware infection by scanning both backup and recovery streams.
The Impact: MSPs, with their growing lists of customers and deep access into their IT environments, are becoming attractive targets for cybercriminals. The FBI and Department of Homeland Security two years ago warned MSPs and cloud service providers that bad actors wanted to exploit them to get to their customers. Others, including Continuum and MSPAlliance, have put out warning signals as well. Vendors like Barracuda Networks and Axcient also are rolling out anti-malware tools aimed at MSPs.
The Buzz: “Once RMM administrative privileges are compromised by a criminal hacker using tried, true, and very effective methodologies such as phishing, website hijacking, or malicious advertising, the criminal party identifies the MSP employee targets and begins to attack,” said Marc Staimer, principal analyst for DragonSlayer Consulting.
“In many technology segments, the centralization of computing processes provides great value. However, tight integration of RMM and data protection is an area where extreme caution is warranted when it comes to backup/recovery design,” said Eran Farajun, executive vice president at Asigra. “The density of high-value data in many RMM environments is too alluring for criminal hackers to avoid, making it incumbent upon the MSP to architect a bulletproof data recovery model. For the strongest protection, service professionals are advised to disentangle RMM and backup to ensure system recoverability.”