The MSP Security Gap

Turn security gaps into sales opportunities with weekly attack scenarios

The weekend break-in

The scenario:

Friday evening, your client's office empties. One server has remote access open to the internet, set up years ago for convenience and forgotten. 

Over the weekend, an automated tool finds it and starts guessing passwords. By Saturday night it is in. 

How it unfolds:

The attacker does not rush. They move from the one server to the rest of the network, switch off the backups within reach, and study where the important files live. 

Early Monday, before anyone arrives, they trigger the ransomware. Every shared file is encrypted. The backups that were online are gone too. The first your client knows is a ransom note on every screen and a demand for payment in cryptocurrency. 

The way in was a single exposed login that nobody was watching. The damage took one quiet weekend. 

The warning signs:

  • Remote access open to the internet, especially anything set up long ago.
  • Login attempts spiking outside working hours.
  • Backups that are always connected, with no offline copy.
  • Accounts without MFA on remote access.

Stop it:

  • Close remote access to the internet. Put it behind a VPN with MFA, or remove it.
  • Keep at least one backup copy offline, and test a restore before you need it.
  • Watch for out-of-hours login activity, because the attack runs while nobody is looking.
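
One way to act on that last point, as an added example that is not part of the original newsletter: a short Python check that counts failed logins per source outside working hours and escalates when the same source then gets in. The log format, the 07:00 to 19:00 working hours, the threshold of 5 and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format: ISO timestamp,source IP,account,result),
# in chronological order. 2024-06-08 is a Saturday.
SAMPLE_LOG = """\
2024-06-07T16:42:10,203.0.113.20,jsmith,SUCCESS
2024-06-08T02:10:01,198.51.100.7,administrator,FAIL
2024-06-08T02:10:03,198.51.100.7,administrator,FAIL
2024-06-08T02:10:05,198.51.100.7,admin,FAIL
2024-06-08T02:10:08,198.51.100.7,backup,FAIL
2024-06-08T02:10:11,198.51.100.7,svc_scan,FAIL
2024-06-08T22:31:47,198.51.100.7,svc_scan,SUCCESS
2024-06-10T08:05:00,203.0.113.20,jsmith,FAIL
2024-06-10T08:05:20,203.0.113.20,jsmith,SUCCESS
"""

WORK_START, WORK_END = 7, 19  # assumed working hours, local time


def is_out_of_hours(ts):
    """True at weekends or outside the assumed working hours."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)


def detect(log_text, threshold=5):
    """Return one alert per source with >= threshold out-of-hours failures.

    Severity is 'critical' when that source then logs in successfully out of
    hours (guessing that ended in a hit), otherwise 'warning'.
    """
    failures = defaultdict(int)
    breached = {}
    for line in log_text.strip().splitlines():
        stamp, source, account, result = line.split(",")
        if not is_out_of_hours(datetime.fromisoformat(stamp)):
            continue
        if result == "FAIL":
            failures[source] += 1
        elif result == "SUCCESS" and failures[source] >= threshold:
            breached.setdefault(source, (account, stamp))
    return [{"source": src, "failures": n,
             "severity": "critical" if src in breached else "warning",
             "compromised": breached.get(src)}
            for src, n in failures.items() if n >= threshold]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The Monday-morning mistyped password from a known user is ignored because it falls inside working hours; only the Saturday run of failures followed by a login raises a critical alert.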

-

PS: Finding the open port is one job. Catching what comes through it at 3am on a Saturday is another. The second job is what we watch while the office is dark.