
New Cyber Attack Targets MSPs and Their Customers

April 20, 2017 | From Virtual Forge GmbH

A sophisticated cyber attack targeting MSPs and cloud services companies, along with their customers, has security professionals worried about massive data breaches leaving potentially thousands of companies vulnerable.

A new cyber attack has been quietly targeting a growing number of companies over the last 9 months. But the real news isn't what the attackers are after - it's how they're gaining access to so many networks so quickly. Through a massive cyber attack campaign being called "Operation Cloud Hopper", hackers are targeting MSPs (managed service providers) as a gateway to their customers' IT networks. In fact, it's not so much a small coordinated cyber attack as it is the "largest ever sustained global cyber espionage campaign", as PwC and security firm BAE Systems are calling it.

PwC, in collaboration with multiple security firms and the UK's National Cyber Security Centre (NCSC), has spent nearly six months researching the extent of the cyber attack campaign, and reaching out to and working with organizations that have been targeted either directly or indirectly through major MSP and cloud service company breaches. The results are pretty shocking, and far from conclusive. What they've discovered so far is that the threat actor widely known among security professionals as "APT10", and referred to as "Red Apollo" within PwC's reporting, is the mastermind behind the massive attack.

As of this year, it looks like the cyber attacks have spread significantly after operating a bit in stealth mode throughout the end of 2016. The attackers are hitting companies worldwide, but there's been a significant impact on companies in India, Japan, the UK, and the US. The other major concern is that MSPs not only hold onto incredibly sensitive data from customers, they also offer gateways into hundreds, if not thousands, of potential targets for cyber criminals. This makes it a frighteningly efficient method of hacking into sensitive company networks.

To make matters worse, Operation Cloud Hopper is also targeting Enterprise Service and Cloud Service companies and their customers - an issue that may potentially slow down the adoption of cloud services by enterprise organizations.

For more information, you can download the full technical report from PwC here.

