Tag Archive for: MSSPs

What are Botnets and Why are MSSPs So Concerned?


In part one of MSSP Alert’s series on botnets, we delve into the nature of botnets and why MSSPs and MSPs are so concerned about them.

Botnets can lurk undetected in an organization’s computer network for years, covertly and maliciously poking and prodding with malware aimed at finding a vulnerability to potentially launch a full-scale cyberattack that will cripple IT systems, steal sensitive data and impose a ransom demand while damaging a business’s reputation.

Botnets have the ability to infect an entire IT network, be it software, applications or any type of device that even scratches the surface of digital technology. Botnets are the product of a “bot-herder” (i.e., a hacker) who either physically or mechanically sends the bot from their command-and-control servers to an unknowing recipient via file sharing, email, social media application protocols or other bots acting as intermediaries.

When someone opens a malicious file on their computer, the bot reports back to command and control, where the bot-herder can dictate commands to infected computers, Palo Alto Networks explains. In fact, bots can be updated by the bot-herder to change their entire functionality based on what the bot-herder wants them to do, and to adapt to changes and countermeasures by the target system.

Botnet Business Booming

Josh Smith, threat intelligence analyst for Nuspire, a Commerce, Michigan-based MSSP, believes that botnets don’t often receive the media attention that ransomware attacks do. Regardless, MSSPs, MSPs and the cybersecurity industry in general are keenly focused on botnets.

However — often much to their frustration — Nuspire’s customers are not always as aware of botnets as they should be, Smith said. Nor are their customers’ employees taking the appropriate measures to protect against bot intrusions.

“Botnets are quiet, sneaky and don’t make the headlines,” he said. “They get remediated. They get fixed. They get cleaned. But they’re still a very big threat to organizations everywhere.”

According to Nuspire’s recently released 2023 Cyber Threat Report, botnets saw a 25% year-over-year increase in activity, with the Torpig Mebroot botnet comprising 56% of all botnet…


Battle of the Botnets: How MSSPs Play the Game


In this article, MSSP Alert examines the tactics and technologies MSSPs and MSPs use to spot and stop botnets. Read part one of the two-part series: “What are Botnets and Why are MSSPs So Concerned?”

Any time an MSSP or MSP signs up a new customer it’s an expedition into the unknown, an exploration on day one into a potentially under-managed and vulnerable cyberspace environment.

As you begin this journey, you’re wondering who had been watching the customer’s endpoints (hopefully, but not likely, all points of entry) and what might have already slipped through detection (perhaps years ago) and infected its IT systems — like a botnet or some type of covert malware.

MSSPs and MSPs surely know the potential of a botnet finding its way into their own IT network or devices. Why wouldn’t the bad guys go after those who would prevent them from laying the track to a ransomware attack?

The tools and techniques of the cybercrime trade are not unsurprising, inasmuch as the instruments and tactics of today’s threat actors are evolving in sophistication. For instance, AI is now being used by cybercriminals typically operating out of China, Russia and North Korea.

Waging the Botnet Battle

Jim Broome, president and chief technology officer at DirectDefense, said his MSSP employs a robust endpoint detection and response (EDR) solution with its customers.

“For us, it’s a two-fold answer,” he said. “The more traditional botnet activity that people are associated with is just malware. So we have a managed security services solution built around managed EDR, partnered with CrowdStrike and Cylance BlackBerry (and others). You have to put the two together to look for signs of infection.”

DirectDefense also has a dedicated practice around application security, largely penetration testing, red teaming, software development and lifecycle review. Essentially, these activities are delivered within a professional services package that complements its managed security services.

“This is how we’re helping organizations deal with the struggle of protecting their applications against botnet activity,” Broome said. “Time and time again we’re being called in either for incident response…


Empowering MSSPs and MDR Service Providers to Control the Chaos Caused by Advanced, Highly Evasive Malware

