TubbTalk 183: Cyber-Snakes, ChaosRATs & AI Villains: Acronis CISO Tells All
Gerald Beuchelt is Chief Information Security Officer at Acronis, a company protecting millions of endpoints across 54 data centres, many of them managed by MSPs just like you. They protect against cyber criminals and AI threats.
He’s led security through IPOs and a $5 billion merger, and now heads up the Acronis Threat Research Unit, or TRU: a team uncovering wild cyber threats that potentially pose a risk to all MSPs and their clients.
An Interview with Gerald Beuchelt
The Acronis TRU
The Acronis Threat Research Unit (TRU) is a virtual team within the organisation, made up of team members from different departments. They include threat researchers, a security team and specialists in the marketplace.
The team works together to understand the threats MSPs and MSSPs are facing, and they do a lot of research with companies of all sizes, and refer to existing research such as the Verizon breach report. Says Gerald:
“We focus closely on what we see through our own endpoint agents. That’s not only new threats coming up, but also any issues facing the MSP community, such as ransomware or email security. We also provide analysts to our partners who can assess an MSP’s cyber risk and that of their clients.”
What is a Cyber Snake?
Sidewinder APT, an advanced persistent threat group that has been active since at least 2012, continues to pose a threat to MSPs across the globe. Recently, they targeted high-level government institutions in Sri Lanka, Bangladesh and Pakistan.
“What was interesting about it was that they were using very targeted spear phishing emails to go specifically after the location of the infected clients. If a spear phish ended up in one of those countries, the entire kill chain and the payload would deploy.
“The threat actor is going to considerable effort to target specific organisations in certain regions. They have also focused on an old Microsoft Word vulnerability from 2017. This is significant because it means out of date software is still being used regularly. MSPs need to ensure their clients aren’t doing the same.”
The Return of the ChaosRAT
RAT stands for remote access toolkit or remote administration toolkit. Gerald explains that once a RAT is installed, the attacker can interact in meaningful, damaging ways with the infected machine.
“You can think of them like evil remote management software, which can cause chaos on networks. They’re very similar to traditional RMM (remote management and monitoring) tools, which is worrying. It means it’s not easy to detect whether it’s genuine or not.
“At Acronis, we work hard to provide our MSP partners with tools to detect ChaosRATs. They can cause problems across operating systems, so both Linux and Windows are vulnerable. The more you can do to protect against them, the better.”
Cyber Threats MSPs Should be Aware of
Gerald highlights a couple of things today’s MSPs need to be aware of. “Attack scenarios such as ransomware are still a major concern, and they impact businesses of all sizes today.
And not only do they extort companies to pay for their data to be released, they threaten them with releasing the data and even getting companies sued by the regulator for doing so. And ransomware as a service is really growing, too.
“So as an MSP, you have to be more prepared than ever to understand the ransomware threat in your environment. Make sure you have a disaster recovery plan, and follow the legal advice to not pay if you can avoid it.
Criminals are using sophisticated-looking emails that look entirely credible, so better email protection is important. Finally, we need to encourage employees and client teams to be more aware of the threat potentials and try to minimise the risks.”
What is a Security-First MSP?
A security-first MSP is just what it sounds like. It means, says Gerald, prioritising security. “That means including security concerns, threat assessments and the appropriate countermeasures in your portfolio from the beginning.
“Security cannot be just tacked on at the very end of defining a product. You don’t wait until the anti-malware is installed and add a firewall. Security needs to be embedded from the beginning, and you have to adapt to changes all the time.
“So to be security-first, security has to come in at the ideation of a product. Ask what could go wrong and how you can prevent it. You don’t have to spend a lot of money, but you DO need to develop your architecture to make it less susceptible to threats.”
How Criminals are Using AI to Generate Real Time Attacks
MSPs need to understand that criminals are now using AI in order to carry out real time attacks. Gerald says: “The CEO of Acronis was actually deep-faked – his voice was used for a social media attack, and he has barely any online presence. So it just goes to show that any footprint is there forever.
“The trust in digital media is going to erode very quickly as deep fakes become more convincing. We’ve seen what happens when prominent people are put into seemingly unfortunate situations that are actually AI-generated.
“That also creates a challenge for businesses, because how can you prove what’s real and what’s not? A criminal could target you, create a compromising deepfake and whether you pay the ransom or not there’s a risk to your credibility.”
Mentioned in This Episode
Windows domain networks directory: Active Directory
Computer programme: Kerberos
Threat knowledge base: MITRE ATT&CK
Verizon breach report
CRM software: Salesforce
Cyber threat: Sidewinder APT
Speaker and author: Karl Palachuk
Dark web: Digital Underground
MSP event: MSP Global
Cyber event: Infosec London
Cloned Richard podcast

