IT NEWS

AI voice cracks telephone banking voice recognition

Voice ID is slowly rolling out across various banks worldwide as a way to perform user authentication over the phone. However, questions remain about just how secure it is. Now that we have freely available artificial intelligence (AI) happily replicating people’s voices, could it be a security risk?

Some recent research suggests that it could.

Vice reporter Joseph Cox put it to the test, with surprising results. All it took was five minutes of recorded speech and a site that can learn to synthesise the voice in the recording.

At first the banking website refused to verify Cox’s synthesized voice as genuine. But with a few tweaks, it soon allowed Cox into his account.

From here, he had access to account information, recent transactions, transfers, and balances. You’ll note from the video below that an additional piece of information is required here in the form of date of birth.

Thankfully, you can’t just use the voice on its own and log straight in to this bank. However, while dates of birth are often used as a form of authentication, they are not secret. If an attacker is determined enough to find or create five minutes of your voice recordings, they are unlikely to be deterred by the (probably much easier) task of finding out your birth date.

The bank used for the test claims that criminals would rather use other more common methods of attack than AI voice recordings, and that deploying voice ID has led to “a significant dip in fraud with phone banking”. This may well be true, but that dip presumably occurred before the wide availability of AI tools like ChatGPT.

The stunt is a useful reminder that unlike passwords, which are either right or wrong, all forms of biometric authentication are analogue. Voice, fingerprint, face, and iris recognition all rely on a judgement of similarity, which creates opportunities for enterprising criminals who can produce realistic facsimiles. It’s why your iPhone fingerprint recognition is backed up by a passcode, and why the bank in the test also included a birth date in its authentication process.
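The difference between an exact-match secret and a similarity judgement can be shown in a few lines. This is an added example, not code from the bank or from the original article: the similarity scores, thresholds, and function names are constructed for illustration, and the second-factor model is a simplifying assumption.

```python
import hmac

# Constructed similarity scores (0.0-1.0) from a hypothetical voice matcher.
# GENUINE: the real account holder on different calls (noise, illness, bad line).
# SYNTHETIC: cloned-voice attempts of varying quality.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.86, 0.93, 0.74, 0.90]
SYNTHETIC = [0.52, 0.61, 0.70, 0.77, 0.83, 0.66, 0.81, 0.58]
THRESHOLDS = [0.70, 0.75, 0.80, 0.85, 0.90]


def password_ok(stored: bytes, supplied: bytes) -> bool:
    """A secret is either right or wrong; there is no 'close enough'.

    In a real system both values would be password hashes; raw bytes are
    used here only to keep the example short.
    """
    return hmac.compare_digest(stored, supplied)


def voice_ok(score: float, threshold: float) -> bool:
    """A biometric check accepts anything at or above a similarity threshold."""
    return score >= threshold


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) at the given threshold.

    FAR (false accept rate): share of impostor attempts that are accepted.
    FRR (false reject rate): share of genuine attempts that are rejected.
    """
    far = sum(voice_ok(s, threshold) for s in impostor) / len(impostor)
    frr = sum(not voice_ok(s, threshold) for s in genuine) / len(genuine)
    return far, frr


def layered_far(far: float, p_attacker_knows_second_factor: float) -> float:
    """FAR after a second factor, assuming the two checks are independent.

    A non-secret factor such as a date of birth has a probability near 1.0
    of being known to a determined attacker, so it barely lowers the FAR.
    """
    return far * p_attacker_knows_second_factor


def sweep(genuine=GENUINE, impostor=SYNTHETIC, thresholds=THRESHOLDS):
    """Tabulate (threshold, FAR, FRR) so the trade-off is visible."""
    return [(t,) + error_rates(genuine, impostor, t) for t in thresholds]


if __name__ == "__main__":
    print("threshold  FAR    FRR")
    for t, far, frr in sweep():
        print(f"{t:9.2f}  {far:.3f}  {frr:.3f}")
    far_080, _ = error_rates(GENUINE, SYNTHETIC, 0.80)
    print("FAR at 0.80 with a guessable second factor:", layered_far(far_080, 1.0))
    print("FAR at 0.80 with a secret second factor:   ", layered_far(far_080, 0.0))
```

Raising the threshold drives false accepts down only by locking out more legitimate callers, which is why the fallback factor has to be a real secret rather than something discoverable.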

What’s next for voice AI?

The AI genie is most definitely out of the bottle, with AIs being used for all manner of good things, like additional voice lines in video game mods, and all sorts of bad things too.

If you’re deploying voice recognition as part of your business, it would be a wise move to pay close attention to the rapidly improving area of voice synthesis. Don’t let the words “My voice is my password” come back to haunt you in the worst way imaginable.


Have a burning question or want to learn more about our cyberprotection? Get a free business trial below.

GET STARTED

LastPass was undone by an attack on a remote employee

Last August, LastPass suffered a well publicised breach: Developer systems were compromised and source code stolen. This resulted in a second breach in November, which was revealed by LastPass in December. The company has now revealed that the individual(s) responsible for the attack also compromised a remote employee’s computer, in order to capture credentials used in the second attack.

The credentials allowed the attacker to steal data from Amazon AWS cloud storage servers used by LastPass for a little over two months.

The remote developer’s PC was reportedly compromised via a remote code execution vulnerability in a third-party media player, which was exploited to deploy a keylogger. After this, the attacker was able to wait until the employee entered their master password and authenticated themselves with multi-factor authentication.

The attacker was able to access the DevOps engineer’s LastPass corporate vault. From the LastPass support page:

The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.

The compromised developer was one of only four people with access to the decryption keys needed to access cloud storage services. This is very much the definition of a targeted attack.

According to LastPass, once the attacker was inside the DevOps Engineer’s LastPass corporate vault, they were able to export all manner of potentially useful information.

The support page mentions that as part of the post-attack work being done, the DevOps engineer is being assisted with “hardening the security of their home network and personal resources”.

It’s somewhat remarkable to think that a big chunk of the above LastPass chaos is down to someone running a media player on a system used for work. Or, put another way, LastPass allowing an employee to use a computer with a vulnerable media player for work. We don’t know if it was a work machine, or a home machine, but the two look very alike these days, with home devices used to access the office, and work devices used for non-work activities.

There is a grey area here, then, in terms of whether using a personal device for work should have been subject to “acceptable / unacceptable” software installation decisions by IT. Considering the severity of this particular attack, there’s probably a good case for it.

What to do if you’re a LastPass user

At the moment, there is nothing you need to do if you have already followed the advice during the December breach reveal. However, if you are only now finding out about the various LastPass breaches:

  • Change your master password and then begin changing the logins inside your vault as soon as possible, starting with the most important.
  • Start using multi-factor authentication (MFA) to make your account immune to similar compromises in future. LastPass supports several kinds of MFA.

How to work from home securely

  • Use devices supplied or approved by your employer. This ensures your machine meets your security team’s requirements.
  • Use a VPN to connect to the office network. A corporate VPN protects traffic from prying eyes as it travels over the Internet.
  • Change your router password. Don’t rely on the default password your router shipped with—these often end up in long lists online.
  • Keep software up to date. If your employer is unable to update your software automatically, you’ll have to do it. Don’t ignore those popups telling you that an update is available.
  • Use effective endpoint protection. Malwarebytes Endpoint Protection detects malware like keyloggers, and is designed to be easy to deploy and administer on remote machines.

For more information about working from home securely, read our security tips for working from home.



Crushing the two biggest threats to mobile endpoint security in 2023

Don’t let their small size fool you: mobile devices can have a big impact on your security posture. It’s easy to see why, considering that almost half of organizations said they suffered a mobile-related compromise in 2022.

Malware and phishing are two particular mobile threats that you need to defend against in 2023. Just check out the following stats from last year:

  • 18 percent of clicked phishing emails in 2022 came from a mobile device. (Verizon Mobile Security Index 2022)
  • 46 percent of organizations that had suffered a mobile-related security breach in 2022 said that app threats were a contributing factor. (Verizon Mobile Security Index 2022)
  • 9 percent of organizations suffered a mobile malware attack in 2022. (Check Point 2023 Cyber Security Report)

In addition, according to Malwarebytes research, 45 percent of schools reported that at least one cybersecurity incident last year started with Chromebooks or other mobile devices.

In this post, we’ll talk about the threat that phishing and malware pose to mobile endpoint security and how to crush them.

Mobile devices have a huge target on their backs

Mobile devices are a key part of today’s modern business: 56 percent of employees rely on at least four to eight enterprise applications on their mobile device.

But wherever sensitive data exists, threat actors are out there trying to get their hands on it.

The explosion of bring-your-own-device (BYOD) policies during and after the pandemic created a large, new attack surface. Employees love mobile devices for their convenient access to corporate data systems; attackers love them for the same reason.


Malware on Android

First things first, malware is a much bigger threat to Android devices than it is to iOS devices, as iOS malware is extremely rare.

Malware on mobile Android devices comes in many forms, including adware, ransomware, trojan-banker (aka ‘bankers’), and trojan-dropper (aka ‘droppers’). Droppers, considered the “most Trojan of Trojans,” disguise themselves as innocent apps to steal personal and financial data. Droppers can install copies of themselves, and because they can drop software that downloads other malware, they can be used to establish a permanent gateway into a smartphone, and then into a business.

In our 2022 State of Malware Report, Malwarebytes found that droppers accounted for 14 percent of detections on Android. Other malware is more widespread, but droppers pose the greatest danger to organizations.


Examples of recent Android malware

Phishing on iOS and Android

Phishing has always worked wonders for attackers, and if it ain’t broke, don’t fix it—including on mobile devices. In fact, Zimperium found the number of phishing sites that target mobile devices specifically has seen 50 percent growth from 2019-2021.

Phishing attacks on Android and iOS range from email to banking, SMS (smishing), and even attempting to trick users into handing over legitimate two-factor authentication codes.

Targeted phishing campaigns on enterprise mobile devices are common, with attackers often impersonating companies such as Apple, PayPal, and Amazon.

Mobile Device Management (MDM) ain’t the solution

A common misconception that we hear when we talk about mobile endpoint security is that MDM is the solution to all of our mobile malware and phishing woes.

It’s not.

Mobile device management services only secure use of corporate data, but are not designed to counter threats such as malware and phishing on iOS and Android devices.

Organizations should look beyond MDM platforms and toward mobile security products that use a variety of techniques, including behavioral analysis, to crush mobile threats. Some features of a robust mobile threat defense product include:

  • 24/7 real-time protection against emerging threats
  • Advanced antivirus, anti-malware, anti-spyware capabilities
  • Malicious app protection
  • App privacy audit
  • Safe web browsing
  • Block ads and ad trackers
  • Filters suspicious fraudulent texts
  • Spam call blocking

Malwarebytes makes mobile device security easy

With Malwarebytes Mobile Security for Business, you can put a damper on mobile attacks on your organization in just a few clicks.

In Nebula, our cloud-hosted security platform made for small to large businesses (OneView for MSPs), all you have to do to get started is activate the endpoint agent for your mobile devices.

From there, you set how your mobile endpoints behave by adding a new policy and selecting Web protection and Ad block for iOS and Behavior protection for ChromeOS and Android.

Once you save this policy, you’re set!

Admins gain immediate visibility into mobile device activity, enabling IT teams to easily identify and report malicious threats, PUPs, and PUMs.

The Malwarebytes Mobile Security app on iOS (left) and Android (right)

The statistics don’t lie—phishing and malware pose a big threat to mobile endpoint security in 2023. But with a mobile threat defense solution like Malwarebytes Mobile Security, you can crush threats like these and more. Get a free trial and/or quote below!

Get a quote or free trial of Malwarebytes Mobile Security

iPhone users targeted in phone AND data theft campaign

When is an iPhone theft not just an iPhone theft? When the user’s Apple ID, and more, goes with it.

That’s what the Wall Street Journal reports has been happening over recent months. The paper interviewed a handful of people who fell victim to old-school phone theft while out in a bar. But it wasn’t just the phone that was taken. In minutes, they were also denied access to their Apple accounts and everything attached to them, including photos, videos, contacts, notes, and more.

Some of the victims were robbed of thousands of dollars in the form of drained bank accounts, money taken from Venmo or other money-sending apps, and Apple Pay charges.

Most victims have shared the same story: They are befriended by a small group of two to three people. At some point in the evening, a gang member watches the victim entering their passcode (law enforcement says sometimes members secretly film this process). Then the phone is stolen, usually without the victim noticing.

Some victims say they were physically assaulted and threatened into revealing their passcode. Others believe they were drugged and don’t remember how their phone got swiped.

Once the phone has gone, the thieves log in to the person’s Apple ID and change it to something of their own. None of Apple’s current security features—Face ID and Touch ID—can protect users from thieves who have physical access to a phone and know its passcode. Even the new security key meant to protect Apple IDs doesn’t prevent anyone from making account changes using only a passcode. Surprisingly, a passcode can be used to remove security keys from an account.

Device theft cannot be completely avoided. But, learning from the thieves’ modus operandi, iPhone users can still take steps to minimize the likelihood of them becoming successful targets.

“People forget that what they’re holding in their hand is their entire life,” says Sgt. Robert Illetschko, an investigator on iPhone theft cases in Minneapolis. “If someone has access to it, they can do a lot of damage.”

How to protect your iPhone data

1. Cover your screen in public

Thieves use various tactics to get their victim’s passcode. This includes shoulder surfing and surreptitious video recording. When you’re in public, practice keeping your passcode away from prying eyes. One way of doing this is relying on a different lock method, like Face ID or Touch ID. Think of and treat your passcode as an ATM PIN.

2. Strengthen your passcode

Make your passcode one which isn’t easily guessed (so no 1234 here!). Even better if you can use an alphanumeric passcode.

3. Add more protection to apps

It’s worth taking a look at the security settings in your banking and money transfer apps, and putting the strongest security possible on them. Venmo, for example, lets users add a passcode—just make sure it isn’t the same as your iPhone’s.

4. Use a password manager

We’re not referring to Apple’s iCloud Keychain password but a third-party one like 1Password, which offers biometric authentication.

5. Delete photos and scans of important documents on the phone

Since thieves can search for “SSN”, “passport”, “license”, and other PII (personally identifiable information), it’s best to have important files removed from the phone. If you really need to have important documents with you, store them in your third-party password manager.

6. Act quickly

If you spot your iPhone is missing, sign in to your iCloud using another device and remote wipe your phone as soon as you can. Call your carrier to deactivate your SIM, too, so thieves can’t receive any SMS verification. Finally, change the passwords of any accounts you use on the phone, and revoke all access from devices.

Stay safe!



US Marshals Service hit by ransomware and data breach

The US Marshals Service (USMS) says it’s suffered a ransomware attack in which a threat actor managed to get hold of sensitive information about staff and fugitives.

On February 17, 2023, the attacker infiltrated a system that held information about ongoing investigations, including personally identifiable information (PII) of fugitives, staff, and third parties.

As with most ransomware attacks nowadays, the attacker also exfiltrated data before starting the encryption routine. Ransomware gangs threaten to disclose stolen data on so-called leak sites as extra leverage to get a victim to pay the ransom. 

One of the tasks of the USMS is to assure the safety of endangered government witnesses and their families. Luckily, according to sources, the attackers didn’t gain access to any data related to the witness protection program WITSEC.

The USMS says it is using a workaround to keep its investigations going.

Major incident

The USMS says the ransomware and data exfiltration event affected a single standalone USMS system.

But even though it wasn’t connected to a larger federal network, the cyberattack was considered a major incident by officials. That’s because the breached data contains law enforcement sensitive information pertaining to the subjects of Marshals Service investigations.

Federal agencies are required to report major incidents to Congress within seven days of identification.

Investigation

According to Drew Wade, spokesperson for the USMS:

“Shortly after that discovery, the USMS disconnected the affected system, and the Department of Justice initiated a forensic investigation.”

For now it is unclear which ransomware group is behind the attack. Nor is it clear how the access was obtained or whether there has been a ransom demand. It is very unlikely that such a demand will be met. A 2020 ruling by the US Department of Treasury’s Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) states that most cases of paying a ransom may be considered a violation of US anti-money laundering and domestic and international sanctions.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.


How to work from home securely, the NSA way

People working remotely is no longer unusual, so the National Security Agency (NSA) has produced a short Best Practices PDF document detailing how remote workers can keep themselves safe from harm. In fact, the guide can also be applied to people using computers at home generally and is written in a way that’s easy to understand.

Back to basics

The NSA’s three main executive summary points are:

  • Upgrade and update all equipment and software regularly, including routing devices
  • Back up your data and disconnect any devices you can
  • Limit administration to the internal network only

You may be surprised by how seemingly basic these suggestions are given the source, but this simplicity is in its favour. Consider how many folks will only decide to start making backups once they’ve lost everything for the first time. You have to start somewhere, and not every organisation asking employees to work from home has necessarily considered these opening talking points due to budget, resources, or other factors. They may not even have a budget for work-owned devices, and may instead be relying on employees using their own devices.

Even thinking about who has access to what on a home network is beneficial—there’s nothing wrong with limiting access to guests on the home network, for example. Some routers and packages allow you to isolate guests on their own little network, away from the main one. This can help reduce the spread and impact of an infection, and keep all of those valuable work and / or home documents safe.

Much of the NSA’s advice leans heavily into ensuring all the little things are taken care of:

  • Keep your software up to date. From Windows to your web browser, everything needs to be updated regularly.
  • Keep your router updated. This may sound odd if your router is supplied by your ISP, as many of those update automatically. But if you run an off-the-shelf router you may be fully responsible for its overall well being. This isn’t mentioned, but you should consider changing the default password when you first boot up the router. Without some hunting around on the Internet, you may never know if what’s shipped is a default applied to multiple routers, or if it’s unique to you.
  • Use a password manager and two-factor authentication (2FA). The guide highlights that while some form of 2FA is better than nothing, some types of 2FA are better than others.
  • Separate work and life activities. It’s a lot easier to figure out where a breach happened if you don’t have sensitive work documents scattered across 3 personal devices.
  • Connect to your office with a Virtual Private Network (VPN). Using a work-supplied VPN makes your computer part of the work network, keeping data safe as it travels over the Internet.

Getting physical about security

There’s a strong focus on physical device security of one kind or another too, which is often overlooked. Some highlights include:

  • Cover your webcam.
  • Mute microphones.
  • Limit sensitive conversations.

The latter is particularly interesting given the slow rise of IoT in the home alongside an increasing amount of voice activated and “always listening” hubs. As the guide notes, all of the below could potentially cause trouble if set to record:

  • Baby monitors
  • Children’s toys
  • Smart devices
  • Home assistants
  • Games consoles
  • PCs with microphones attached

This is especially the case where a poorly secured device is recording audio and storing it (for example) on a wide-open server where anyone can grab the contents. If you have children at home, consider how many of the toys in the next room may have recording / Internet connectivity and make yourself a to-do list.

If you’re going to make backups, I would add to the NSA’s advice to place files on an external device by suggesting that you also encrypt your data. While it’s unlikely that someone will break into your home and steal a hard drive, better safe than sorry. You’re probably more at risk of taking it somewhere and accidentally losing it, so the encryption will help in any case. Finally, keeping those external devices disconnected when not in use will help lessen the device’s exposure to bad things. If you experience an infection on your PC, you don’t want it affecting your backups.

Unsocial networks

There’s quite a bit of advice in relation to social networks and social engineering. It’s easy to let your guard down when at home, and security advice from work may be a little harder to come by when not in the office.

  • Don’t post personal information online that can be used to reset your passwords, such as your first pet’s name or the street you grew up on.
  • Lock your contact list down to friends only, if you can.
  • Watch out for copycat and imitation profiles.

The best practices document also correctly notes that it’s worth checking both the Terms of Service and app or website settings regularly. Changes in policy can leave you exposed.

Overall, the NSA has produced a useful step by step guide covering a lot of bases, including public hotspots, email, and even user habits. Give the document a read and feel free to add in some tips you think the NSA may have missed in the comments section.



A week in security (February 20 – 26)

Last week on Malwarebytes Labs:

Stay safe!



TikTok probed over child privacy practices

The privacy protection authorities for Canada, Québec, British Columbia, and Alberta have announced they will start an investigation into TikTok’s privacy practices, especially in relation to its younger users.

The investigation will include whether the company obtained valid and meaningful consent from its users for the collection, use, and disclosure of their personal information.

The investigation was initiated in the wake of now settled, class action lawsuits in the United States and Canada, as well as numerous media reports related to TikTok’s collection, use, and disclosure of personal information.

TikTok

TikTok claims to have 1 billion users, and when you look at the age distribution it’s no surprise to see that younger people take up the largest share of users.


Source: App Ape

So, it is understandable that the Canadian regulators put extra emphasis on protecting the privacy of younger users.

Since it is near impossible to determine with whom information is shared, the focus of the Canadian investigation will be to determine if the company is meeting its transparency obligations, particularly when collecting personal information from its users. It will also assess whether the organization’s practices are in compliance with Canadian privacy legislation.

Bans

The Chinese-owned platform is under growing Western scrutiny. The FCC has called the app an “unacceptable security risk” and asked it to be removed from app stores.

Because of the suspected ties to the Chinese government, TikTok has been banned from the devices of state employees in several US states. The US Congress passed a ban on downloading TikTok for most government devices, which President Joe Biden signed in late December, and momentum is building among lawmakers to broaden it even further.

Recently, public authorities in the Netherlands were told to steer clear of TikTok. Staff working at the European Commission have been ordered to remove the TikTok app from their phones and corporate devices. In the UK, there is a call for the UK government to follow the European Commission, the EU executive, and the EU Council, and order staff to delete the app.

Last year the state of Indiana filed a lawsuit against TikTok because it found that TikTok’s 12+ rating on the Apple App Store and the “T” for “Teen” rating in the Google Play Store and the Microsoft Store are misleading, since minors are repeatedly exposed to inappropriate content generated by the app’s algorithm.

There have also been concerns that TikTok does not limit its tracking to users of the app.

Defense

TikTok said privacy is a top priority. TikTok’s main defense consists of the fact that most of its senior staff are outside of China. In defense of the earliest accusations, TikTok clarified on its blog where its data are stored, saying the data are not subject to Chinese law.

“TikTok is led by an American CEO, with hundreds of employees and key leaders across safety, security, product, and public policy here in the US. We have never provided user data to the Chinese government, nor would we do so if asked.”

A representative for TikTok stated as a response to the announced Canadian investigation that it has tried to set the record straight regarding how the company protects Canadians’ privacy.

We’ll keep you posted on how this develops.



Fighting online censorship, or, encryption’s latest surprise use-case, with Mallory Knodel: Lock and Code S04E05

Government threats to end-to-end encryption—the technology that secures your messages and shared photos and videos—have been around for decades, but the most recent threats to this technology are unique in how they intersect with a broader, sometimes-global effort to control information on the Internet.

Take two efforts in the European Union and the United Kingdom. New proposals there would require companies to scan any content that their users share with one another for Child Sexual Abuse Material, or CSAM. If a company offers end-to-end encryption to its users, effectively locking the company itself out of being able to access the content that its users share, then it’s tough luck for those companies. They will still be required to find a way to essentially do the impossible—build a system that keeps everyone else out, while letting themselves and the government in. 

While these government proposals may sound similar to previous global efforts to weaken end-to-end encryption in the past, like the United States’ prolonged attempt to tarnish end-to-end encryption by linking it to terrorist plots, they differ because of how easily they could become tools for censorship. 

Today, on the Lock and Code podcast with host David Ruiz, we speak with Mallory Knodel, chief technology officer for Center for Democracy and Technology, about new threats to encryption, old and bad repeated proposals, who encryption benefits (everyone), and how building a tool to detect one legitimate harm could, in turn, create a tool to detect all sorts of legal content that other governments simply do not like. 

“In many places of the world where there’s not such a strong feeling about individual and personal privacy, sometimes that is replaced by an inability to access mainstream media, news, accurate information, and so on, because there’s a heavy censorship regime in place,” Knodel said.  “And I think that drawing that line between ‘You’re going to censor child sexual abuse material, which is illegal and disgusting and we want it to go away,’ but it’s so very easy to slide that knob over into ‘Now you’re also gonna block disinformation,’ and you might at some point, take it a step further and block other kinds of content, too, and you just continue down that path.”

Knodel continued:

“Then you do have a pretty easy way of mass-censoring certain kinds of content from the Internet that probably shouldn’t be censored.”

Tune in today. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)



Malwarebytes wins 2023 CRN ‘Coolest Endpoint And Managed Security Companies’ award

CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the “Coolest Endpoint And Managed Security Companies” on the 2023 CRN Security 100 list.

The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including Endpoint and Managed Security, Identity Management and Data Protection, Network Security, and more. Solutions that leverage cloud-native technologies and provide more comprehensive detection capabilities are featured prominently on the list.

By featuring Malwarebytes on their list of key cybersecurity vendors for 2023, CRN recognizes the strides we’ve made to best serve our channel partners in the past year, including:

  • Expanding our partner network to more than 3,000 global MSP partners and over 250 percent growth YoY.
  • Forming new strategic partnerships with Addigy, Atera, ConnectWise, GCN Group, Kaseya/Datto, Sherweb, TeamViewer, and Pax8, among others.
  • Growing the MSP sales and marketing team 175 percent YoY to support partners across geographies and industries.
  • Continuing to expand the Malwarebytes OneView platform to offer Vulnerability & Patch Management, Application Block, DNS Filtering and MDR in combination with award-winning EDR.

And on the Value Added Reseller (VAR) front:

  • Continuing to strengthen key partnerships with distribution and partners, including TD Synnex, Carahsoft, CDW, SHI, Insight, and Howard Technologies.
  • Increasing transactions 100 percent YoY with VARs in the US.
  • Working to align with key partners and distributors in EMEA and APAC, including Climb Channel Solutions, Sysob, BlueChip, and ACA Pacific.
  • Focusing on the K-12 market with VAR partners and distributors and bringing our brand new mobile solution to schools to secure the more than 50 million Chromebooks being used in K-12 globally.

Learn more about our partner program here: https://www.malwarebytes.com/partners

The state of MSP cybersecurity

As the attack surface gets bigger and bigger for businesses, it’s become clear that Managed Service Providers (MSPs) need a solution that both grows their business and meets the security needs of their customers.

But there’s a problem.

Constrained staff resources, skyrocketing costs, and the complexities of managing multiple solutions all make it difficult for MSPs to adapt to the constantly evolving cybersecurity landscape, leading to lengthy incident response times and business inefficiencies that limit growth.

In fact, Kaseya’s 2022 MSP Benchmark Survey shows that the second and third most common business challenges for MSPs right now are security and hiring, respectively.

  • In 2022, 39 percent of all ransomware attacks targeted service providers, followed by 12 percent for healthcare and 9 percent for the manufacturing industry.
  • Many MSPs must support multiple tools in various environments with limited staff. Multiple licenses and vendors mean higher costs and less visibility.
  • MSPs need to maintain multiple compliance requirements for their customers, including HIPAA, PCI DSS, and GDPR.

Malwarebytes OneView

Enter Malwarebytes OneView, a powerful and affordable security management platform that gives MSP security teams maximum control. For Value-added Resellers (VARs), Malwarebytes Nebula is the equivalent platform.

Precise, thorough remediation

As threats occur, OneView and Nebula offer intuitive and automated controls for rapid response powered by our award-winning Endpoint Detection and Response (EDR) technology. We offer seven layers of protection, multi-mode isolation, 72-hour ransomware rollback, and more.

Single multi-tenant console

OneView’s multi-tenancy enables MSPs to streamline operations with centralized management of customer server and workstation endpoints, license subscriptions, reporting, and global policies.

Subscription management

Intuitive design in OneView allows MSPs to easily track and manage customer license subscriptions across sites and provide a higher level of service and attention.

Integrations

With native integrations into leading remote monitoring and management (RMM) and professional services automation (PSA) platforms, Malwarebytes OneView enables your MSP team to streamline operations.

Malwarebytes OneView dashboard view

Constantly expanding

Malwarebytes has only continued to build upon both OneView for MSPs and Nebula for Value-Added Resellers (VARs), adding three new modules that simplify breach prevention within the same cloud interface MSPs already trust for detection and remediation:

Vulnerability and Patch Management

Enables MSPs to take control of their full vulnerability assessment and patching process, helping ensure defenses are up to date across their clients’ environments.

DNS Filtering

Regulate access to websites and other content on company-managed networks, which in turn reinforces the security of company data.

Application Block

Protects endpoints by preventing unauthorized software from executing across your clients’ sites.

For VARs, Malwarebytes Mobile Security is a new offering in Nebula which provides unified protection for Chromebooks, Android, and iOS mobile devices.

We plan to continue expanding OneView and Nebula with further product innovation, including adding more modules and in-platform integrations for OneView with other top remote monitoring and management (RMM) and professional services automation (PSA) platforms.

Managed Detection And Response (MDR) For MSPs

Gartner reports that, by 2025, 50 percent of organizations will be using Managed Detection and Response (MDR) services for threat monitoring, detection, and response functions that offer threat containment capabilities.

In other words, MDR is shaping up to be table stakes for any MSP in the coming years, but many MSPs lack the staff or budget to build MDR programs in-house.

Launched last year, our purpose-built managed detection and response (MDR) offering for MSPs helps alleviate these challenges.

With our elite team of MDR analysts monitoring your customer endpoints 24×7, Malwarebytes MDR simply and effectively closes your security resources gap, reduces the risk of unknown threats to your customers, and increases your ability for new business growth.

Value-Added Resellers (VARs) bolster their clients’ cybersecurity with Nebula

Our commitment to the channel doesn’t stop at MSPs.

By reselling our powerful solutions, VARs can combat the world’s most harmful threats and solve their customers’ unique security challenges.

Malwarebytes is committed to VAR success and has significantly invested in the channel with offerings that include sales and technical training, tools, and certifications.

Partner Portal

Our partner portal app is an easy way to access sales and marketing resources, register deals, and provide your customers with free trials.

Sales and Technical Training

Whether on-demand or onsite, Malwarebytes has the training curriculum to provide you with the necessary skillset to sell and support Malwarebytes solutions.

Marketing Resources

Malwarebytes will support your marketing initiatives and provide branded marketing and sales materials that can help you win deals.

Malwarebytes Nebula dashboard view

Dedicated to MSP partner growth

Malwarebytes is honored to receive the 2023 ‘Coolest Endpoint And Managed Security Companies’ award by CRN—and we have no intentions of slowing down.

Apply today or reach out to us for a demo.