COVID-19 Update

Microsoft: Attackers Are Increasingly Targeting Service Providers, IoT

In a new report, Microsoft says service providers and the Internet of Things (IoT) are increasingly being targeted by cybercriminals.

Leave a Comment

According to a new report from Microsoft, service providers and the Internet of Things (IoT) are increasingly being targeted by cybercriminals, reinforcing the idea that AV integrators need to value security as much as IT providers.

The Digital Defense Report, a new annual report put out by Microsoft’s cyber defense experts, suggests that the rising number of IoT devices and third-party services are vulnerable to attacks.

Attackers target providers like managed service providers and “IT outsourcers” to get a foothold in their customers’ systems, the report says.

Although rising in frequency, those kind of attacks represent just 7% of Microsoft’s response to attacks between October 2019 and July 2020.

According to the report, this is because service providers aren’t threat modeled with the same diligence as their customers’ systems. The attacks follow a similar pattern of entering the service provider’s network via phishing or through a network weakness with RDP brute force, and then moving laterally to gain admin privileges.

“Once the attackers have gained full access to the service provider, they can access the customers via the same legitimate support channels and accounts used for remote support or software maintenance,” the report says.

Read Next: Protecting Yourself From Hacking Will Also Protect Your Clients

Microsoft recommends that end user organizations vet their service provider and ensure they follow best practices in cybersecurity. “Access to the network for support should be monitored and secured via multi-factor authentication and just-in time access,” the report says.

Meanwhile, IoT-based attacks are increasing. According to Microsoft, the first half of 2020 saw a 35% increase in IoT attack volume compared to the second half of 2019.

The most common attack includes using default credentials to obtain a shell access to download and execute malware. Devices include routers, remote terminals, IP cameras and multimedia systems.

Microsoft recommends several steps to secure IoT networks, like avoiding exposure of IoT devices directly to the internet, mapping the digital terrain, segmenting networks for IoT devices, threat modeling, and working with managed service providers on security protocols.

For more information on these threats and Microsoft’s recommendations, read the Digital Defense Report.

CoronaVirus Update