Nation-State APTs Target Small Business MSPs
According to a new report from security researchers at Proofpoint, advanced persistent threat (APT) actors linked to state interests in Russia, Iran, and North Korea are directing their attention toward small- and medium-sized businesses (SMBs) and the service providers of that ecosystem. Proofpoint warned of the supply chain risks from managed service providers (MSPs) that these groups may exploit and leverage. The report stated that SMBs often lack dedicated security teams and are thus more vulnerable to malware attacks.
Trends in Targeting SMBs
Proofpoint identified three primary trends in their research. Firstly, APT groups are using compromised SMB infrastructure for malware attacks. Secondly, state-affiliated actors are targeting regional SMBs, particularly for financial theft. Lastly, APT actors are targeting regional managed service providers for downstream supply chain attacks.
Specific Targeting by Russian, Iranian, and North Korean APT Groups
Proofpoint’s data shows that advanced and skilled threat actors with a particular strategic mission in support of their state-sponsored interests are targeting SMBs. This presents a possible threat of intellectual property theft, espionage, disinformation campaigns, destructive attacks, and state-sponsored financial theft against SMBs that are under-protected against cyberattacks such as phishing campaigns. The groups targeting SMBs are aligned with Russian, Iranian, and North Korean state interests.
APT Actors Targeting Regional MSPs
The report named a significant trend of APT actors targeting regional MSPs to initiate and enable supply chain attacks. Proofpoint highlighted the case of TA450, linked to Iran’s Ministry of Intelligence and Security, which targeted two Israeli regional MSPs in 2023 via a phishing campaign. The data reveals that APT groups in Iran are targeting regional technology providers to access downstream SMB users via a supply chain attack against MSPs.
Editorial and Advice
The warning from Proofpoint highlights the emerging risks for small businesses and their managed service providers. It also emphasizes that businesses of all sizes, including small businesses, are potential targets of APT groups. The risks for SMBs have increased as attackers increasingly target MSPs, including through phishing campaigns, which can in turn compromise a downstream SMB environment. SMBs must re-examine their cybersecurity and ensure they are taking appropriate steps to protect against APT attacks. Professional help with cybersecurity risk assessments, compliance audits, and personalized planning can be an option for small businesses.
In response, MSPs can provide “awareness and training programs to their clients to reduce their security risk. They need to implement multi-layered security programs with a central dashboard and automated management, including patches, internal and external vulnerability scans, and backup and disaster recovery services” to secure their clients.
Finally, while it is vital for businesses to maintain effective cybersecurity measures, it is equally important for governments to provide regulatory and legislative support to reduce the nation-state sponsorship of these cyber espionage activities.