MSSP

Security Update: IBM X-Force Shows Hackers Using BEC to Steal Cloud Creds

AI and network security

Each week, ChannelE2E brings you the top cybersecurity insights from our affiliate site MSSP Alert, because we know that managed service providers need to stay on top of trends in cybersecurity.

This week, Shark Tank star and Cyderas CEO Robert Herjavec announced he is stepping down, Microsoft and SentinelOne are among the vendors named in Gartner's vaunted Magic Quadrant for endpoint protection platforms, IBM X-Force warns that attackers are using business email compromise (BEC) and phishing to steal cloud credentials, and we investigate the SOC of the future. Here's our roundup.

  • IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials
  • Gartner Magic Quadrant Names Microsoft, SentinelOne Among EPP Leaders
  • MSSP Experts Weigh in on the SOC of the Future
  • Shark Tank Star Robert Herjavec Steps Down as CEO of MSSP Cyderas

IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials

Stolen credentials continue to be 'coin of the realm' for threat groups targeting cloud environments, and the range of tactics they use to get them – from phishing and business email compromise (BEC) campaigns to keylogging and brute force – prove that out.

Also high on the list of tools is infostealer malware that is specifically designed to harvest cloud platform and services credentials, according to IBM’s X-Force threat intelligence unit.

In the latest edition of their annual IBM X-Force Cloud Threat Landscape Report released Tuesday, the researchers found that phishing attacks over the past two years accounted for 33% of cloud-related cyber incidents, with bad actors increasingly using adversary-in-the-middle (AITM) techniques. Such attacks involve the hackers positioning themselves between the victim and a legitimate service to intercept communications.

“This type of attack is particularly dangerous because it can bypass some forms of MFA [multi-factor authentication], making it a powerful tool for cybercriminals,” Austin Zeizel, threat intelligence consultant with X-Force, wrote in an accompanying blog post. “Once inside a victim’s environment, threat actors seek to carry out their objectives.”

Read the complete story here.

Gartner Magic Quadrant Names Microsoft, SentinelOne Among EPP Leaders

Microsoft, SentinelOne, and CrowdStrike rank at the top of Gartner’s recently released 2024 Maqic Quadrant of endpoint protection platform (EPP) vendors, which are increasingly important in protecting what are still among the most vulnerable parts of an enterprise’s IT environment.

Cybercriminals are continuing to focus on identity and authentication as avenues for infiltrating corporate networks at a time when the workforce is becoming more distributed.

EPPs offer a layer of protection that includes identifying and stopping malware from executing on a system, detecting new threats, from fileless malware to ransomware, defending against insider threats, and investigating breaches. EPPs cover a broad array of devices, including PCs, laptops, servers, mobile phones, and embedded systems.

Given all that, it’s not surprising that EPPs are a crucial part of any MSSP’s services portfolio.

Read the complete story here.

MSSP Experts Weigh in on the SOC of the Future

Here at MSSP Alert, we’ve been thinking about the evolution of the security operations center (SOC), which is essential to MSSP/MSP operations. What is “the SOC of the future”?  We wanted to hear from the experts about essential technologies, the adoption of AI, the concept of human-driven security versus hyperautomation and more.

SOCs drive how organizations detect, respond to and mitigate cyber threats, and their evolution will impact the entire realm of managed security services. The composition, operations and efficacy of future SOCs may be as varied as threat actors themselves. But the one thing we can be sure of, according to Andrew Douthwaite, chief technology officer for VirtualArmour, is that cybersecurity will never stop because bad actors are consistently trying to breach anyone and everything.

Read the complete story here.

Shark Tank Star Robert Herjavec Steps Down as CEO of MSSP Cyderas

Robert Herjavec, perhaps best known to the general public as a Shark Tank angel investor, is stepping down as CEO of the MSSP he founded in 2023.

Chris Schleuter will become CEO of Cyderas effective Oct. 1.

Herjavec started the company in 2003 with two employees and has overseen its growth into an MSSP with nearly 1,000 employees. Meanwhile, the noted author achieved fame as the cybersecurity expert and executive producer of the Emmy winning Shark Tank TV show that airs on ABC.

Under Herjavec’s leadership, Cyderes rose to a market leadership position in managed security, identity and professional services, the company said. He  will continue to contribute his industry knowledge to enhance Cyderes' market presence and remain committed to its clients while continuing as a significant investor and board member. 

Read the complete story here.

You can skip this ad in 5 seconds