Phishing attacks nibble at MSP service chain

Next story

According to a survey1 by ESET, managed service providers (MSPs) are pointing to spam, phishing emails and ransomware as some of the greatest IT security challenges they face. This information corroborates well with another 2019 statistic that singled out spam and phishing emails as responsible for 67 percent of ransomware attacks on MSPs.

Phishing emails often contain either an attachment with malware-laced macros or a link leading to a malicious domain. Employees who open and “Enable content” for these attachments or who click on such links are at serious risk of having their devices compromised by further malicious payloads. Perhaps one of the most alarming situations is when a ransom note appears on the screen after ransomware has encrypted the files of your machine.

As the number of ransomware outbreaks grow each year, the danger of an attack is too great for businesses to ignore. One report saw an increase of 37 percent in ransomware attacks targeting MSPs in Q3 compared to Q2 in 2019. Looking only at the publicly reported ransomware attacks hitting headlines worldwide in 2019, ZDNet reported on a growing list of 13 confirmed attacks on MSPs. Since then, multiple MSPs have continued to take a beating, including companies like Virtual Care Provider and CyrusOne. Clearly, MSPs must learn to master cybersecurity.

Fortifying defenses at entry points

According to research from Virus Bulletin, infamous malware like Emotet, which is known to deliver ransomware payloads, has been seen bypassing many email security products on the market. Fortunately for business users of ESET Mail Security for Microsoft Exchange Server, VBSpam testing shows that ESET has the highest spam catch rate with the lowest false positive rate among competitors:

In addition to the catch rate for spam emails, careful attention should also be paid to the catch rates for “malware” and “phishing” emails.

By “malware” email, Virus Bulletin means one with a malicious attachment, and by a “phishing” email one with a malicious link, which would also include an email with a PDF attachment that contains a phishing link.

ESET Mail Security scored the highest phishing catch rate and the highest malware catch rate. These are especially important metrics and necessary for businesses to assess their protection in the face of ongoing campaigns by dangerous malware.

Homoglyphs are deceiving employees

One way that phishing emails have found success in deceiving employees is that threat actors are able to swap out legitimate letters with the same-looking letters from another alphabet – a technique known as a homoglyph attack. So, what may look like epic.com to human eyes actually becomes eric.com for a computer – simply by swapping out the Latin letter “p” in the word “epic” for the Cyrillic letter “er”.

Part of the success, therefore, of ESET’s anti-phishing technology comes from protecting against homoglyph attacks. ESET’s products scan URLs for possible misuses of similar-looking characters as well as subjecting a number of pre-defined, high-value URLs for even deeper inspection.

In concert with ESET Mail Security, File Security and Endpoint Security products, businesses also have access to a powerful cloud-sandbox that submits emails and files to three layers of machine learning analysis in ESET Dynamic Threat Defense (EDTD). EDTD adds a layer of protection at the network level against zero-day exploits and advanced threats by detecting and blocking them at entry points into your corporate network without your business endpoints needing to deal with them first.

The need to protect with cutting-edge anti-malware technology is greater than ever

Since 2018, the global number of MSP partners leveraging ESET’s solutions to protect their customers has jumped from roughly 4,000 to over 6,000 in 2019. The marked growth over the last year reflects the continued commitment by ESET to empower partners with new and ever more robust solutions that are light on system resources and easier to manage.

Interested in a partnership? Check out our MSP page for more information about how you can protect your business with ESET’s award-winning technologies.

1ESET polled 488 MSP partners in 14 countries during July 2019 via an online questionnaire. In it, 65.8 percent of respondents identified spam and phishing emails as the biggest IT security challenges they encountered while 61.1 percent identified ransomware.