Article | October 16, 2019

These Vulnerabilities Are Putting Your Clients At Risk

Source: Webroot

Cybercriminals have their eyes on new vulnerabilities as a way of compromising your clients. Your response needs to go beyond patching bad code.

When thinking of vulnerabilities, most IT pros – whether working as an MSP or not – immediately think of patching operating systems and applications. But vulnerabilities are more than just bad code. Even if you’ve already included patching as part of, say, a remote monitoring and management service offering, there are plenty of other vulnerabilities cybercriminals can leverage to put your client’s operations and business at risk.

The following three vulnerabilities are just a sample of those that likely exist today in one or more of your customers' environments.

RDP Access

Remote Desktop Protocol (RDP) has long been a legitimate asset for those wanting to remotely control their Windows desktop. But organizations leaving these connections exposed to the internet have unwittingly introduced a dangerous vulnerability. Network scans – even when RDP is used on non-standard ports – can provide attackers with a list of open RDP targets. Additionally, some older versions of Windows run on default settings that allow an unlimited number of logon attempts against local accounts. So, even if a brute force attack is necessary, it’s still only a matter of time until an attacker succeeds in gaining access.

In fact, RDP-based access was the primary attack vector for over 59% of ransomware attacks. That means the bad guys find it easier to scan for and automate attacks against exposed RDP connections than attempting phishing attacks. In 2018, SamSam was the big culprit, but new ransomware variants such as TFlower and vulnerabilities such as BlueKeep demonstrate that RDP as an attack vector is thriving.
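One way to check a Windows host for the RDP conditions described above, as an added example that is not part of the original article. The function name `Get-RdpExposureReport` is hypothetical, and the lockout check assumes an English-language Windows installation because it parses `net accounts` output.

```powershell
# Added example: audit the local host for the RDP conditions discussed above.
# Get-RdpExposureReport is a hypothetical name, not a built-in cmdlet.
function Get-RdpExposureReport {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections = 0 means the host accepts RDP connections.
    $enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
    $tcpCfg  = Get-ItemProperty -Path $tcp
    $port    = $tcpCfg.PortNumber
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla     = $tcpCfg.UserAuthentication -eq 1

    # 'net accounts' prints "Lockout threshold: Never" when logon attempts
    # are unlimited (assumption: English-language output).
    $line = net accounts | Where-Object { $_ -match '^Lockout threshold' }
    $threshold = if ($line) { ($line -split ':', 2)[1].Trim() } else { 'Unknown' }

    $findings = @()
    if ($enabled) {
        $findings += "RDP is enabled on TCP port $port; confirm it is reachable only through a VPN or gateway."
        if ($port -ne 3389) {
            $findings += 'Non-standard port in use; network scans still find it, so do not treat it as protection.'
        }
        if (-not $nla) {
            $findings += 'Network Level Authentication is not required.'
        }
    }
    if ($threshold -eq 'Never') {
        $findings += 'No account lockout threshold; logon attempts are unlimited.'
    }

    [pscustomobject]@{
        RdpEnabled       = $enabled
        Port             = $port
        NlaRequired      = $nla
        LockoutThreshold = $threshold
        Findings         = $findings
    }
}

Get-RdpExposureReport | Format-List
```

Run it from an elevated PowerShell session on each managed endpoint; an empty `Findings` list only covers these four settings and says nothing about firewall or perimeter exposure.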

Social Engineering

Phishing scammers use any means necessary to trick their intended targets into clicking a malicious link or downloading a malicious attachment. Social engineering attacks aim to create the illusion of legitimacy through contextual details that only a genuine sender would likely know. In many cases, it only takes a spoofed domain from a widely recognized company like Microsoft, PayPal, Facebook, or Netflix to trick a user. Cybercriminals are even going as far as mimicking the voice of CEOs using deepfake audio and AI to trick users over the phone into doing their bidding.

In the case of social engineering, the user is the vulnerability. The more unaware they remain of the importance of good security hygiene on a daily basis, and their role in maintaining organizational security, the greater the risk of a successful attack.

Their MSP

That’s you. SMBs that entrust the management of their entire network to an MSP are only as secure as the MSP’s own network. MSPs simply cannot be the weakest link in their clients’ security chain, or they will be exploited to the detriment of those clients. If the MSP has admin access to the customer’s network (which you do), and an attacker can compromise the MSP’s network (which they can), then cybercriminals can compromise an entire customer base (which they have in massive numbers this year).

MSPs that haven’t put the same security practices they preach to their customers into place are prime targets for attackers. The bad guys are keenly aware that MSPs who talk the talk about cybersecurity often fail to walk the walk. And they are willing to bet compromising MSPs will lead to more, and more valuable, data than that owned by the MSP itself. That makes them very valuable targets.

“Patching” These Vulnerabilities

There’s obviously some work MSPs can do to address these vulnerabilities. RDP can be disabled and replaced with something more secure; perhaps even leveraging a VPN prior to attempting remote access. Users can undergo security awareness training to better equip themselves with the knowledge necessary to remain vigilant and effective in stopping social engineering attacks. And you can certainly work to shore up your own organization’s security stance with a focus on protecting the privileged access you have to your client networks.

With attacks and attackers working to take advantage of weak points in your security, it’s imperative MSPs begin to address these issues immediately. The vulnerabilities discussed here are presented in order of perceived difficulty to implement a fix, from least to most time consuming. The good news is that there are steps you can take to improve your client’s security stance almost immediately, and far more strategic initiatives available over time to minimize client exposure.

What’s next?

I encourage you to start a free Webroot product trial to see for yourself how our solutions can help you prevent threats and maximize growth: Endpoint Protection | DNS Protection | Security Awareness Training.