What’s lurking the digital shadows?

Organizations are often aware of their digital or internet footprint. That is, the footprint they leave behind online via their websites, social media accounts, external emails sent out, and more. It is very common for companies to employ a digital director to help manage all these new grounds and keep them in check. But how many companies aware that there is other information left behind on the internet outside of these normal channels? Information that cyber-criminals could leverage to start an attack on an organization.

Watch out for Business Email Compromise

In 2013 the FBI noticed a new attack that they called business email compromise (BEC) sometimes called CEO fraud (although it doesn’t always involve the CEO).  This is a simple attack that criminals use to steal money and financial information from all sorts of companies.  Targets have included large and small corporations, non-profits, churches, and schools.  As of 2018 BEC has cost over $12.5 Billion dollars and is on the rise.

The United States Computer Emergency Readiness Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC) recently posted a technical alert for Managed Service Providers (MSPs) warning of a campaign conducted by Advanced Persistent Threats that targets MSPs and attempts to break into their computer networks.   Both cloud and on premise technologies are targeted in this attack.  You can read the full alert here, https://www.us-cert.gov/ncas/alerts/TA18-276B.

In this blog post we will look at who and what Advanced Persistent Threats are, what they are doing, how they are doing it, and why they are targeting MSPs.   We will also briefly going into how 3KeyLogic is staying protected and what you can do to make sure to not fall victim to an APT.