In 2013 the FBI noticed a new attack that they called business email compromise (BEC) sometimes called CEO fraud (although it doesn’t always involve the CEO). This is a simple attack that criminals use to steal money and financial information from all sorts of companies. Targets have included large and small corporations, non-profits, churches, and schools. As of 2018 BEC has cost over $12.5 Billion dollars and is on the rise.
The United States Computer Emergency Readiness Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC) recently posted a technical alert for Managed Service Providers (MSPs) warning of a campaign conducted by Advanced Persistent Threats that targets MSPs and attempts to break into their computer networks. Both cloud and on premise technologies are targeted in this attack. You can read the full alert here, https://www.us-cert.gov/ncas/alerts/TA18-276B.
In this blog post we will look at who and what Advanced Persistent Threats are, what they are doing, how they are doing it, and why they are targeting MSPs. We will also briefly going into how 3KeyLogic is staying protected and what you can do to make sure to not fall victim to an APT.
