Kaseya Offers Answer to MSP and Client Credential Cracking Woes

Security has always been paramount for MSPs. But now that hackers are going out of their way to compromise service providers and use that foothold to attack clients, the need for protection has multiplied

That’s why Kaseya today announced AuthAnvil MSP Protect, a service that protects MSP networks from password cracking incursions and forms the basis of new MSP Security as a Service (SCaaS) offerings. The new MSP Protect is a complete solution to password security, and includes two-factor authentication (2FA), single sign-on (SSO), and a password server for rich password management.

One MSP is already reaping the benefits. “As an MSP, our business reputation is as important as the services we deliver to our customers,” said Chuck Bubeck, CEO of Ease Technologies. “Our clients rely on us to keep our own environment as secure as possible, and AuthAnvil enables us to do just that. By leveraging Kaseya’s MSP Protect strategy, we are able to use a layered security approach that focuses on and addresses each type of security threat. With AuthAnvil in place, we’re confident that we’ve taken the necessary steps to avoid becoming the next security breach headline.”

AuthAnvil MSP Protect was custom built to protect MSPs and their clients. Part of this is integration with commonly used MSP tools, such as from Autotask, ConnectWise, Continuum, IT Glue, LabTech and N-able.

“Kaseya continues to innovate our core security technology not only to stay two steps ahead of ever-evolving threats, but always with the mindset of how our innovations will help our customers grow their business,” said Jim Lippie, general manager, cloud computing of Kaseya. “AuthAnvil MSP Protect was created to make it easy for our customers to perform the formidable task of protecting their critical systems and data. In a time when the threat of cyberattacks has never been greater, it’s imperative that MSPs choose the right solution to secure their investments. That’s why we thoughtfully developed MSP Protect to cater to the specific requirements of our MSPs, and also provided an opportunistic solution that can enable them to grow their bottom line.”

The New Threat to MSPs

Hackers are no longer content to attack individual organizations, but want to go after multiple groups at the same time in the form of service providers’ clients. But cracking the service provider, cybercriminals can then gain control of all their customers.

In a recent report Intrusions Affecting Multiple Victims Across Multiple Sectors, The National Cybersecurity and Communications Integration Center (NCCIC), which operates under Homeland Security, said it “has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems,” the report said.

The targets are troubling. “Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”

That is the scary part. It is a multiplier effect where an incursion into one service provider turns into compromises of perhaps hundreds of client companies – or more.

Credential Cracking

A key to these attacks is the use of compromised credentials. “The actors use malware implants to acquire legitimate credentials then leverage those credentials to pivot throughout the local environment. NCCIC is aware of several compromises involving the exploitation of system administrators’ credentials to access trusted domains as well as the malicious use of certificates,” the report said.

Protect Your Network Against Credential Cracking

The report offers a wealth of advice, first and foremost being to adopt two-factor or multi-factor authentication (2FA/MFA). It also suggests, as should be customary practice, that users only be given the level of privilege they actually need, the so-called least privilege doctrine.

As is also a best practice, you should require complex passwords, such as having at least 15 characters.

And of course, use two-factor authentication for all those who touch the service provider network.

More on Two-Factor Protection

Two-factor authentication is a verification process that adds one more layer of credential confirmation to a login process. Also recognized as a multi-factor authentication, 2FA requires the input of the standard password/username combination, as well as, a second piece of information that can only be provided by the authorized individual. With the incorporation of 2FA, cyber-hackers find it far more challenging to access account to steal an identity or obtain crucial confidential information.

In the cyber world, 2FA is now used on a variety of large websites including Yahoo, MSN, Google, and Twitter along with a plethora of banking institutions. By incorporating two-factor authentication into the login process, organizations can dramatically lower the rate of credential cracking.

Check out our 2FA Buyers Guide for more information.

dougbarney

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.

Leave a Reply

Your email address will not be published. Required fields are marked *