- CrowdStrike Unveils Insider Threat Services for MSSPs, Organizations
- Russian Threat Groups Pose as Tech Help Services to Infiltrate Systems
- Biden’s Final Cybersecurity EO Could Put Demands on MSSPs
- Perspectives: EU Strengthens Cybersecurity with Enhanced NIS2 Directive
Each week, ChannelE2E compiles a list of the top stories we’ve covered about the security services market from our affiliate brand, MSSP Alert. Here’s this week’s round-up of news from MSSP Alert.
CrowdStrike Unveils Insider Threat Services for MSSPs, Organizations
CrowdStrike is offering new services to help organizations and MSSPs protect against insider risk, a growing cyberthreat that includes not only negligent or malicious employees but also sophisticated outside cybercriminal groups.
The partner-first cybersecurity firm’s Insider Risk Services, introduced this week, combine such capabilities as threat detection and response found in its Falcon platform with threat hunting via tabletop exercises and red team simulations, incident response with the help of adversary-based threat intelligence and telemetry gathered from Falcon, and programs and technical reviews to identify gaps and strengthen defenses.
The increase in insider threats is being fueled by trends like remote work, cloud adoption, and the growing complexity of IT environments, according to Thomas Etheridge, chief global services officer for the Austin, Texas-based company.
MSSPs and MSPs can play a central role in protecting organizations against such risks, Etheridge told MSSP Alert, adding they are particularly important to companies that “lack the resources or expertise to manage security in-house. … These partners are critical for extending expert guidance, proactive defense strategies, and swift incident response to businesses of all sizes.”
Russian Threat Groups Pose as Tech Help Services to Infiltrate Systems
Researchers with cybersecurity firm Sophos are warning security teams and MSSPs about two ransomware groups linked to Russian cybercriminals abusing Microsoft’s Office 365 platform and remote management tools to access corporate networks, steal information, and deliver malware.
The two separate extortion groups, tracked as STAC5143 and STAC5777, are flooding Outlook email inboxes with huge volumes of spam, then contacting targeted employees via Microsoft Teams from their own Office 365 service tenants and posing as the organization’s tech support to gain control of the employees’ systems, the Sophos X-Ops team wrote in a report Tuesday.
Many businesses use MSPs and MSSPs for their IT support needs, so an employee who is seeing large amounts of spam coming into their email inbox wouldn’t be surprised to get a Teams call or message from an unknown person appearing to be a help desk worker, according to Sean Gallagher, principal threat researcher at Sophos.
“While exploitation of remote management tools and abuse of legitimate services are themselves not wholly new, we are seeing more and more threat groups adopt these tactics to target companies of all sizes,” Gallagher said.
Biden’s Final Cybersecurity EO Could Put Demands on MSSPs
President Biden’s last-minute cybersecurity executive order (EO) – should it survive the incoming administration – could have a resounding impact on MSSPs.
The outgoing president, who has made protecting U.S. critical infrastructure and businesses from adversaries a focus of his administration, touched on a range of issues facing the country, from ransomware and threats posed by countries like Russia, China, Iran, and North Korea to the pros and cons of advanced technologies like AI and quantum computing.
There also was a heavy focus on protecting the software supply chain, not only reiterating the need for programmers to incorporate security in every part of the design chain but also saying that software makers should have to attest to the security of their products and prove that they comply with government-determined security requirements.
Areas like AI, increased sanctions, and leveraging AI for cyber defense will significantly affect MSSPs and MSPs that include security services in their lineups, according to Eric Schwake, director of cybersecurity strategy at Salt Security.
EU Strengthens Cybersecurity with Enhanced NIS2 Directive
COMMENTARY: The Network and Information Systems (NIS) Directive is legislation designed to strengthen network and information system security in the EU. Adopted in July 2016, it was the first EU-wide legislation on cybersecurity.
The NIS Directive has been significantly enhanced with the introduction of NIS2, a regulation that broadens its scope and introduces stricter requirements to improve cybersecurity across critical services in the European Union. This updated directive reflects the growing need for a more resilient and coordinated approach to managing cybersecurity risks, especially as digital infrastructure becomes increasingly central to various sectors.
Expanded Scope
NIS2 has expanded its coverage beyond the original sectors such as energy, transport, and healthcare, now including digital infrastructure providers, public administration entities, food production and distribution, and waste management, among others. This expansion reflects the growing recognition that cybersecurity is not just a concern for traditionally critical industries but is also vital for sectors that may not have been previously prioritized. For instance, the inclusion of food production and distribution highlights the importance of safeguarding supply chains against cyber threats, which could have far-reaching consequences for public safety and economic stability. Similarly, the inclusion of digital infrastructure providers underlines the necessity of securing the backbone of the digital economy, which supports virtually every aspect of modern life.