What does the Russian cyber activity mean to Managed Service Providers?

By Ian Thornton-Trump
5 January, 2017

Over the holidays, the information security and foreign policy communities have been digesting information about malicious Russian cyber activity—designated as GRIZZLY STEPPE. This has come in the shape of a US-CERT alert with a link to a 13-page “Intelligence Report” called the Joint Analysis Report (JAR). (There is a more helpful CSV listing of the indicators of compromise from the same link.)
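The CSV is the part of the release an MSP can actually operationalise. As an added example that is not part of the original post, the Python below loads indicators of the kinds such a list carries (single IPv4 addresses, CIDR ranges, domain names, file hashes) and sweeps a proxy log for them. Everything in it is constructed: the two-column layout is an assumption rather than the JAR's real header, the addresses come from the RFC 5737 documentation ranges, the hostnames are invented, and the space-separated log format is assumed for the illustration.

```python
from __future__ import annotations

import csv
import io
import ipaddress
from urllib.parse import urlparse

# Constructed for this example, in the spirit of the JAR's indicator CSV.
# The real file's column names are not reproduced here (assumption: one
# indicator value and its type per row is all a matcher needs), and the
# values are RFC 5737 documentation addresses and invented hostnames,
# not GRIZZLY STEPPE indicators.
SAMPLE_IOC_CSV = """indicator,type
203.0.113.77,IPv4
198.51.100.0/24,IPv4CIDR
update-check.example.net,FQDN
d41d8cd98f00b204e9800998ecf8427e,MD5
"""

# Constructed proxy log, one request per line:
# "<timestamp> <client> <method> <url-or-host:port> <status>".
SAMPLE_PROXY_LOG = """2017-01-04T10:02:11Z 10.0.0.23 GET http://update-check.example.net/ping 200
2017-01-04T10:02:15Z 10.0.0.23 GET http://www.example.com/index.html 200
2017-01-04T10:03:40Z 10.0.0.45 CONNECT 198.51.100.17:443 200
2017-01-04T10:05:02Z 10.0.0.45 GET http://203.0.113.77/a.php 404
"""


def load_iocs(csv_text: str) -> dict:
    """Parse indicator rows into typed lookup structures.

    Single addresses go into a set for O(1) lookup, CIDR ranges into a list
    that is walked per address, domains are lower-cased without a trailing
    dot, and file hashes are kept for a host-side sweep (not used below).
    """
    iocs = {"ips": set(), "nets": [], "domains": set(), "hashes": set()}
    for row in csv.DictReader(io.StringIO(csv_text)):
        value, kind = row["indicator"].strip(), row["type"].strip()
        if kind == "IPv4":
            iocs["ips"].add(ipaddress.ip_address(value))
        elif kind == "IPv4CIDR":
            iocs["nets"].append(ipaddress.ip_network(value, strict=False))
        elif kind == "FQDN":
            iocs["domains"].add(value.lower().rstrip("."))
        elif kind in ("MD5", "SHA1", "SHA256"):
            iocs["hashes"].add(value.lower())
    return iocs


def match_host(host: str, iocs: dict) -> list[tuple[str, str]]:
    """Return (type, indicator) pairs that the host or address matches.

    Domains match on the indicator itself or any subdomain of it, so
    "cdn.bad.example" hits an FQDN indicator of "bad.example" but
    "notbad.example" does not.
    """
    hits = []
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        h = host.lower().rstrip(".")
        for d in iocs["domains"]:
            if h == d or h.endswith("." + d):
                hits.append(("FQDN", d))
        return hits
    if ip in iocs["ips"]:
        hits.append(("IPv4", str(ip)))
    for net in iocs["nets"]:
        if ip in net:
            hits.append(("IPv4CIDR", str(net)))
    return hits


def target_host(line: str) -> str | None:
    """Pull the destination host out of one proxy log line (format assumed above)."""
    parts = line.split()
    if len(parts) < 4:
        return None
    target = parts[3]
    # CONNECT lines carry "host:port" with no scheme; urlparse needs the
    # leading "//" to treat it as a netloc rather than a path.
    if "://" not in target:
        target = "//" + target
    return urlparse(target).hostname


def scan_log(log_text: str, iocs: dict) -> list[tuple[int, str, str, str]]:
    """Return (line_no, host, type, indicator) for every indicator hit.

    A hit is a lead, not a verdict: public indicator lists include shared
    infrastructure, so each match still needs triage against the context
    of the connection.
    """
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        host = target_host(line)
        if not host:
            continue
        for kind, indicator in match_host(host, iocs):
            hits.append((line_no, host, kind, indicator))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_PROXY_LOG, load_iocs(SAMPLE_IOC_CSV)):
        print("line %d: %s matched %s indicator %s" % hit)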

Combining data from the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), the report claims to detail the methodologies “used by the Russian civilian and military intelligence services (RIS) to compromise and exploit networks and endpoints associated with the US election, as well as a range of US government, political, and private sector entities.”

Despite its good intentions, the JAR’s recommendations for combating this advanced persistent threat (APT) actor are little more than a restatement of those made in the wake of the Office of Personnel Management (OPM) breach; many of them have been widely discussed since the 2011 Cyber Security Legislative Proposal. There is nothing “new” here: what the JAR recommends has been established best practice since the SANS Critical Security Controls and the NIST SP 800 series.

The question for SMBs, IT providers, and managed services providers (MSPs) is: are there any new takeaways here? Unfortunately, the answer is nothing that good security practitioners haven’t already implemented by adhering to the recommended best practices, and going beyond them. The report echoes what the InfoSec community has been preaching for some time, especially when it comes to thwarting ransomware:

“DHS encourages network administrators to implement the recommendations below, which can prevent as many as 85 percent of targeted cyber-attacks. These strategies are common sense to many, but DHS continues to see intrusions because organizations fail to use these basic measures.”

In other words, while the reports may not recommend new practices, they serve as important reminders that we can’t take our eyes off the ball when it comes to security. So what are the basic measures? 

1. Patch applications and operating systems
This is a universal best practice accomplished with the use of patch management software.

2. Application whitelisting
This technology is frequently deployed in the struggle against ransomware, and current Windows versions include it at no extra cost as AppLocker (and, on older releases, Software Restriction Policies).

3. Restrict administrative privileges
This is a universal best practice. Please see this report, which makes a bold case for the security value of this recommendation.

4. Network segmentation and segregation into security zones
This best practice limits the spread of ransomware infections and controls access to devices such as Internet of Things (IoT) equipment and wireless access points.

5. “Input validation”
In the JAR this is a secure-coding control: an application checks and sanitises untrusted input so that SQL injection, cross-site scripting and similar attacks fail. For an MSP that does not write the customer’s code, the practical equivalent is regular vulnerability scanning of the customer’s web applications so that a website cannot be compromised by a cyber attack.

6. “File Reputation”
This is a somewhat confusing way of recommending anti-malware technology that, beyond signature matching, rates files by reputation (prevalence, age, source and publisher) and blocks or quarantines low-reputation and never-before-seen executables.

7. “Understanding firewalls”
This essentially recommends deploying and configuring a firewall to control ingress and egress at the network boundary, with egress rules tight enough that a compromised host cannot reach arbitrary destinations.

Despite some confusion in the recommendations, these are all good suggestions. However, they miss one key point:

From the JAR: “The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016…APT29 has been observed crafting targeted spear phishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spear phishing email campaigns.” 

The number one thing that IT providers or MSPs can do is “prevent user trickery.”

The most valuable defence against APT attacks or ransomware spear phishing emails is not technological; it comes down to the security awareness of end users. With lots of free (customizable) and paid-for resources out there, working with your customers and users to make this training available to them is a huge win for their security—despite the cyber boogeyman of APT. Here are just some of the great resources you can turn to:

  • The US Government’s “Stop.Think.Connect” campaign is a national public awareness program aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. 
  • Failing that, an occasional email to your users and customers on IT security that tells them what to look out for and who to call if they suspect there is a problem can pay huge security dividends. 
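The technical counterpart to user awareness is flagging the two tricks the JAR attributes to APT28 before they reach the inbox: domains that closely mimic the target’s and shortened URLs. The Python below is an added example, not code from the original post or from SolarWinds; the trusted-domain list, the shortener list and the sample message are constructed for it, and the two-label approximation of a registrable domain is a simplification a production filter would replace with a public-suffix list.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed for this example (assumptions, not from the JAR): the
# customer's own domains, and a handful of well-known URL shorteners.
# In practice both lists come from configuration or a maintained feed.
TRUSTED_DOMAINS = {"example.org", "mail.example.org"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}

# Digits and symbols commonly swapped for letters in look-alike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Simplification: multi-label public suffixes such as co.uk would need a
    public-suffix list; that is out of scope for this illustration.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> list[str]:
    """Return the reasons a link deserves scrutiny; an empty list means none.

    Three checks mirror the JAR's description of APT28 tradecraft:
      url-shortener   destination hidden behind a redirector
      lookalike-of:X  typosquat or homoglyph of a trusted domain
      brand-abuse:X   trusted brand used as a label inside a foreign domain
    """
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return ["unparseable-url"]
    findings = []
    reg = registrable(host)
    if reg in URL_SHORTENERS:
        findings.append("url-shortener")
    trusted = {registrable(t) for t in TRUSTED_DOMAINS}
    if reg not in trusted:
        normalised = reg.translate(HOMOGLYPHS)
        labels = host.replace("-", ".").split(".")
        for t in sorted(trusted):
            brand = t.split(".")[0]
            if levenshtein(normalised, t) <= 2:
                findings.append("lookalike-of:" + t)
            elif brand in labels:
                findings.append("brand-abuse:" + t)
    return findings


def scan_message(body: str) -> dict[str, list[str]]:
    """Map every URL in a mail body to its findings, keeping only flagged links."""
    report = {}
    for url in URL_RE.findall(body):
        findings = classify_url(url)
        if findings:
            report[url] = findings
    return report


# Constructed sample message; none of these hosts are real indicators.
SAMPLE_MAIL = """Your mailbox is almost full. Review your quota at
https://examp1e.org/owa/quota or use the short link https://bit.ly/3xQuota .
Questions? See https://mail.example.org/help or https://www.iana.org/ ."""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE_MAIL).items():
        print(url, "->", ", ".join(reasons))
```

On the constructed message the scan flags the homoglyph domain (the digit 1 standing in for the letter l) and the shortened link, and passes the customer’s own mail host and an unrelated site. The brand-abuse check also catches the pattern of the real domain embedded in a longer foreign one (for instance the trusted name followed by a “login” or “sso” label), which a plain edit-distance test misses.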

User awareness training augments all of the technological recommendations above, and it is an effective and inexpensive technique MSPs and IT providers can use to keep the bad guys, whether APT or cyber-criminal, from gaining a foothold in their customers’ businesses.

In the meantime, keep defending; consistency is victory!


Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.

You can follow Ian on Twitter® at @phat_hobbit.
