Jonathan Crowe

Microsoft Exchange 0-Day Vulnerabilities Mitigation Guide: What to Know & Do Now

MSP securiity alert banner

Updated March 16, 2021. 

On Tuesday, March 2, Microsoft announced that it had detected a string of four 0-day exploits being actively used to attack versions of on-premises Exchange Server. Patches are available, and organizations are being strongly advised to identify, update, and verify vulnerable systems as quickly as possible.

We've created this post to collect related resources and information and will be updating it regularly. Read more

Jonathan Crowe

4 Misconceptions Many MSPs and IT Pros Still Have about Cybersecurity in 2021

security misconceptions

Security awareness is on the rise in the channel, but, unfortunately, old habits and misconceptions die hard.

This post is a collaboration between:

me circle
Jonathan Crowe
Director of Content and Community at NinjaRMM


Tom Watson

Channel Chief Advisor at NinjaRMM


In a hurry? Watch a 3min video version of this post:


Recently, NinjaRMM hosted our second annual virtual MSP Security Summit with the goal of helping MSPs up their game when it comes to security. That goal has only grown in priority since we hosted last year’s event, and this year we were excited to have experts and vendors from a variety of verticals (including a direct competitor) participate and make it a truly channel-wide effort.

As a former MSP owner, Tom came to the event with the goal of identifying key takeaways, and he spent a lot of time thinking about how much has changed when it comes to what is required of an MSP owner today. When he started his MSP business, it was all about technical support. The focus was on hardware and on the software that ran on it. Selling and managing critical items like Microsoft Exchange servers were big business for us, and they required technical skill. As we all know, much of that focus has shifted to the cloud and, overall, the role of the MSP is evolving. Read more

Jonathan Crowe

Breaking Cyber Attack Chains with 5 Tools You Already Have Access To

Breaking attack chains header image

Have clients who don't want to pay for third-party security tools, or simply want additional layers of security? See how many attack tactics you can block or monitor for using built-in Windows tools.

For more than a month now, practically any discussion on cybersecurity has centered around the story. You know the one.

And, hey, justifiably so. It’s a huge story that truly does have it all — big-name victims, alleged state-sponsored threat actors, sophisticated tradecraft, threats to national security, not to mention potentially massive ramifications on U.S. cyber policy and regulations.

Plus, it keeps getting bigger!

But while our news feeds continue to be flooded with updates and organizations continue to ponder how they would deal with a similar attack, “bread-and-butter” cybercrime keeps quietly chugging right along. Every day, standard malspam campaigns snag hordes of new victims. Ransomware may be in the unfamiliar position of no longer being the “it” threat, but it continues to pad criminals’ wallets with fresh Bitcoin.

As former Director of the U.S. Cybersecurity and Infrastructure Security Agency Chris Krebs and Red Canary Director of Threat Intelligence Katie Nickels both point out, there’s a tendency to “fetish-ize” state-sponsored actors and overlook the “boring criminal” stuff.

That “boring criminal” stuff is the majority of threat activity that MSPs and their clients are going to face, and despite years of stack and awareness building, many attacks continue to find their way through defenses. Worse, they’re only becoming more damaging and more costly. Read more

Kodie Dower

Lax Device Management Puts Students And Educators At Risk

Every year, students and teachers manage back-to-school stress, but this year, anxieties are up a notch as the specter of a pandemic looms and schools struggle with simply meeting students' needs. This year, many schools are taking a hybrid approach to school, combining elements of in-person and remote learning. But among the complexity of teaching remotely, one area that hasn't been looked at closely enough is the device management practices of newly remote educators and students.

Read more

Kodie Dower

To Pay or Not to Pay: Introducing the 2020 Ransomware Resiliency Report

In recent years, ransomware has proven to be one of the most destructive cyber threats facing the private and public sectors alike. This issue has never been more salient than during the COVID-19 pandemic, which has led to a surge in remote working and phishing attempts against businesses and hospitals. The specter of ransomware, combined with current trends towards remote work, places an urgent need for IT professionals to rethink their security practices and take an informed consideration of the true costs of ransomware.

Read more

Jonathan Crowe

Must-Know Ransomware Statistics and Attack Trends 2020


From massive increases in ransom amounts to big shifts in attack models, these statistics reveal the major new trends in ransomware.

In 2019, ransomware completely evolved. Mass distribution campaigns designed to to indiscriminately infect home users are out. Targeted campaigns aimed at taking down mid- to large-sized organizations are in. As a result, according to several sources, the overall number of infections dropped in 2019. But the infections we did see were more sophisticated, more disruptive, and far more lucrative for the criminals behind the operations.

What's driving this trend? The following stats tell the story. Read more

Jonathan Crowe

Top Phishing Lures and Malicious Email Disguises to Watch Out For

phishing email disguises 2019

Protect your clients from this year's scariest scams and creepiest compromises by teaching them how to see through the most common malspam and phishing disguises.

To celebrate Halloween and the last day of Cybersecurity Awareness Month, we're shedding light on two of the most popular disguises criminals are using to sneak their way past defenses and into inboxes. Share these with your clients as a reminder to stay vigilant and what you're hard at work protecting them from day in and day out. Read more

Jonathan Crowe

MSPs: 6 Keys to Surviving a Ransomware Outbreak Across Your Client Base

MSP ransomware incident response planning

With client-wide infections being reported on a weekly basis, MSPs need to balance prevention with response planning, so when the worst happens, they'll be ready.

Last week, we had the pleasure of hosting a webinar with Huntress Labs CEO Kyle Hanslovan covering a topic on everyone's minds — ransomware. Specifically, ransomware incidents where attackers have compromised MSPs, used their credentials to hijack the MSP's legitimate software tools, and abused those tools to deploy ransomware across their entire client base.

Kyle has personally worked with nearly 40 MSPs who have been victims of these attacks. As a result, he's seen and heard firsthand what owners and technicians go through, and learned what separates the ones who are able to successfully recover from the ones who don't. Read more

Jonathan Crowe

Security by the Numbers: How MSPs are Using Endpoint Detection & Response Tools

With cyber attacks rapidly evolving and becoming more damaging, MSPs are actively seeking out fresh ways to level-up their security offerings beyond traditional antivirus (AV). For many, endpoint detection and response (EDR) tools represent a natural next step. But how many MSPs have actually adopted EDR? What about these tools works — and doesn't work — for MSPs? And how does that compare with the traction EDR tools are getting in the internal IT world?

We surveyed 160 MSPs, MSSPs, and IT professionals to find out. But before we see what they said, a quick primer. Read more

Lewis Huynh

Ransomware Attacks Abusing RMMs: Why We’re Enforcing 2FA

In recent weeks there have been numerous reported incidents of attackers compromising MSPs and weaponizing their internal management tools to deploy ransomware across their customer base.

These attacks are obviously alarming, and helping our MSP partners mitigate this threat has become priority #1. Our team is working around the clock to implement a variety of additional security enhancements, including the following: Read more

Jonathan Crowe

MSP Cybersecurity Checklist: Practical Steps for Securing Your MSP Business from Ransomware and Other Threats

msp cyber security checklist

Managed services providers and their customers have become increasingly popular targets for cyber attacks.

Ransomware criminals, in particular, have singled out MSPs and their customers as prime candidates for extortion, and they've adapted their tactics to create nightmare scenarios.

Rather than simply encrypt the MSP's systems, attackers use compromised MSP employee credentials to hijack the MSP's software tools and use them to deploy ransomware to all of the MSP's customers at once. Read more

Jonathan Crowe

What is EDR? A Clear Definition of Security’s Hottest Buzzword

what is edr

The security industry isn't exactly known for its transparency and crystal-clear messaging. It's a crowded and competitive market, packed with vendors feeling the pressure to differentiate themselves and keep up with competitors. These days, there's a tendency to claim multilayered or "all-in-one" protection, but what exactly that consists of varies, and comparing offerings can be confusing.

It also doesn't help that security terminology reads like alphabet soup.

One of the acronyms we're seeing thrown around a lot lately is EDR, short for endpoint detection & response. Nearly every security vendor is now saying they offer some form of EDR, so let's define what it is and explain what it does in relation to other products in your security stack. Read more

Jonathan Crowe

Alert: Wormable Flaw in Remote Desktop Services Could Result in New WannaCry-Like Outbreak


With exploitation "highly likely," Microsoft is urging Windows users to patch now, and has even issued fixes for out-of-support versions including Windows 2003 and Windows XP.

This month's Patch Tuesday was a doozy. Read more

Jonathan Crowe

ASUS Supply Chain Attack Possibly Infected Half a Million Computers: How to Tell If You're Affected

ASUS supply chain attack 2018

On Monday, Kim Zetter at Motherboard broke the news that attackers had hijacked the software update tool for ASUS, one of the largest computer makers in the world. Researchers estimate the tool was used to install backdoors on hundreds of thousands of machines between June and November 2018. Here's what you and your clients need to know. Read more

Jonathan Crowe

7 Eye-Opening Cybersecurity Statistics Every Small Business Needs to Know in 2019


Photo by Mike Petrucci

With cyber attacks on small businesses increasingly common, is 2019 the year "it'll never happen to us" mindset finally gets put to rest?

Businesses don't need to be massive corporations or house treasure troves of sensitive information to be frequent targets of cyber attacks. In fact, recent cybersecurity statistics show that, despite their size, small businesses account for the majority of data breaches (58%). Read more

Jonathan Crowe

Why MSPs Are Now Big Targets for Cyber Attacks — And What You Can Do About It

Photo by Andre Hunter

The year is young, but 2019 is already shaping up to be another rough one on the security front. Particularly concerning is the growing number of attacks explicitly targeting MSPs and their customers. Read more

Jonathan Crowe

Ryuk Ransomware Cripples MSP and Major Newspapers, Represents Dangerous Shift Toward Coordinated Attacks

Photo by Bank Phrom

A rise in coordinated Ryuk ransomware attacks represents a major new threat for MSPs and their clients in 2019. Here’s what you need to know.

Ransomware was already at the top of many MSPs' security concerns. Now attackers are deploying it more strategically, making it an even bigger threat. To understand what's dangerous about this new trend and what you and your clients need to be doing differently to protect yourselves, let's dig into two recent high-profile attacks deploying ransomware called Ryuk. Read more

Team Ninja

2019 Predictions: The Impact of Security on an MSP’s Business

At the end of every year, it seems like every business takes a moment to ponder over what’s been accomplished in the past year, looking for ways to improve operations and increase revenue in the coming year. In my last blog, I looked back at the state of security in 2018 and how it affected MSPs.  I’d like to take the opportunity in this article to do a bit of looking forward towards next year, focusing in on some security predictions that will change the way you offer security services.

Read more

Team Ninja

SMB Cybersecurity is a Big MSP Service Opportunity for 2019

This year has seen massive changes to the face of cyberattacks. We’ve gone from threats from small numbers of criminal organizations to every part of a cyber crime available as a service. Nearly every type of cyber attack – malware, ransomware, cryptomining, data breaches, phishing, fraud, and more – have all reached record levels.

While large organizations with millions of records tend to get the focus in the news, it’s the small and medium-sized business (SMB) that seems to always be fighting an uphill battle when it comes to cybersecurity.

2018 was no exception.

Read more