MSPs the New Hacker Target?
-
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I also witnessed many MSPs not securing their secure password databases with MFA. They secured the front end client application in case a computer was compromised or stolen, but the database itself was wide open.
-
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
-
@scottalanmiller said in MSPs the New Hacker Target?:
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
wouldn't the hacker then have access to all of the customer accounts via the MSP's O365 delegate account?
-
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
wouldn't the hacker then have access to all of the customer accounts via the MSP's O365 delegate account?
That's assuming you are using a shared account that can access all customers, rather than a discrete account per customer.
-
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
wouldn't the hacker then have access to all of the customer accounts via the MSP's O365 delegate account?
That's assuming you are using a shared account that can access all customers, rather than a discrete account per customer.
Of course.
So what does NTG do?
-
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
wouldn't the hacker then have access to all of the customer accounts via the MSP's O365 delegate account?
That's assuming you are using a shared account that can access all customers, rather than a discrete account per customer.
Of course.
So what does NTG do?
Individual accounts per customer. We aren't a reseller, so there isn't any natural connection between customers already.
-
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
wouldn't the hacker then have access to all of the customer accounts via the MSP's O365 delegate account?
That's assuming you are using a shared account that can access all customers, rather than a discrete account per customer.
Of course.
So what does NTG do?
Individual accounts per customer. We aren't a reseller, so there isn't any natural connection between customers already.
What does a natural connection between customers have to do with anything?
a single vendor account with MS which then grants you access to ALL of your customers accounts, prevents you from needing to log in dozens of times a day - from having to maintain all those separate accounts, etc.
of course, it opens you up to the above stated issues.
-
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
@bbigford said in MSPs the New Hacker Target?:
One thing I am shocked many MSPs don't do, which we've done since the first deployment, is secure each Office 365 CSP account (delegated access to each customer through one provider portal) with MFA. In reality, if the MSP was compromised, every customer is then compromised.
I get the value of MFA. But how would each customer get compromised if the MSP was compromised in an Office 365 context?
wouldn't the hacker then have access to all of the customer accounts via the MSP's O365 delegate account?
That's assuming you are using a shared account that can access all customers, rather than a discrete account per customer.
Of course.
So what does NTG do?
Individual accounts per customer. We aren't a reseller, so there isn't any natural connection between customers already.
What does a natural connection between customers have to do with anything?
There is no association between the customers, even at the ITSP level. No natural reason for any cross connection to exist.
-
@Dashrender said in MSPs the New Hacker Target?:
a single vendor account with MS which then grants you access to ALL of your customers accounts, prevents you from needing to log in dozens of times a day - from having to maintain all those separate accounts, etc.
of course, it opens you up to the above stated issues.
I'm not saying that it is a bad thing, just not one that we use.
-
@scottalanmiller said in MSPs the New Hacker Target?:
@Dashrender said in MSPs the New Hacker Target?:
a single vendor account with MS which then grants you access to ALL of your customers accounts, prevents you from needing to log in dozens of times a day - from having to maintain all those separate accounts, etc.
of course, it opens you up to the above stated issues.
I'm not saying that it is a bad thing, just not one that we use.
Cool -
-
Literally on the phone with the customer of a different MSP that had this happen.
-
@scottalanmiller said in MSPs the New Hacker Target?:
Literally on the phone with the customer of a different MSP that had this happen.
Is NTG reaching out to these MSPs to offer assistance and/or guidance?
-
@Obsolesce said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
Literally on the phone with the customer of a different MSP that had this happen.
Is NTG reaching out to these MSPs to offer assistance and/or guidance?
Or are they reaching out to customers to offer competent managed services?
-
@RojoLoco said in MSPs the New Hacker Target?:
@Obsolesce said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
Literally on the phone with the customer of a different MSP that had this happen.
Is NTG reaching out to these MSPs to offer assistance and/or guidance?
Or are they reaching out to customers to offer competent managed services?
Yeah that too!
-
@Obsolesce said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
Literally on the phone with the customer of a different MSP that had this happen.
Is NTG reaching out to these MSPs to offer assistance and/or guidance?
We always offer that service. MSPs are free to reach out to us always.
-
@RojoLoco said in MSPs the New Hacker Target?:
@Obsolesce said in MSPs the New Hacker Target?:
@scottalanmiller said in MSPs the New Hacker Target?:
Literally on the phone with the customer of a different MSP that had this happen.
Is NTG reaching out to these MSPs to offer assistance and/or guidance?
Or are they reaching out to customers to offer competent managed services?
That would be smart. But knowing who affected customers are is hard.
-
MSP Maturity Model. Strictly speaking, the MSPMM does not tell MSPs to make all of their customers identical. But in practice, it encourages it and many MSPs talk about the MSPMM in these terms - finding ways to make customers all run the same tools, software, practices, network design, etc. This makes management so much easier for the MSP, but has two major problems.
First, it forces the customer to conform to the vendor, which makes very little sense. IT needs to adapt to the business, not the business to IT. But that's another topic.
Second, it means that an attack vector that works on the MSP will likely work on every single one of their customers, making the prospect of breaching the MSP that much better. Sure, if a targeted attack by experienced state-sponsored hackers goes after an MSP, the MSP has little chance of winning that battle. But that isn't the real risk. In the real world, the risk is automated attacks looking for common vulnerabilities and spreading organically through shared tooling - things that are only possible or reasonably likely when the environments are homogeneous: both amongst the MSP clients, and between clients and the MSP themselves.
The traditional approach of MSPs, especially VAR - MSP combo companies, is to have not only the same tools and software, but even the same hardware and products so that any hole anywhere becomes a hole everywhere and breaching any one piece of the infrastructure means you are likely to breach it all.