Cyber Threats Don't Take Time Off

The truth is simple: cyber threats don’t take a day off, and neither can your defenses.

Cybercriminals don’t wait for the weekend. They don’t clock out at 5 p.m. They don’t pause for holidays, vacations, or long weekends.

But unfortunately, too often security programs do.

For MSPs, this creates a growing gap between client expectations and operational reality. Threats evolve continuously, but most security programs still operate in bursts—major upgrades here, a compliance review there, and occasional fire drills when alerts spike.

Continuous protection, however, doesn’t mean constant panic. It means building systems, habits, and visibility that work even when your team isn’t online. It’s about knowing that your clients’ security posture stays strong on a Sunday afternoon, not just during business hours.

Here are a few of the threats continually plaguing the cybersecurity community, along with stories of organizations that have built effective security programs to combat them.

Threat Digest

Todyl’s Threat Research team continually uncovers new and emerging threats that plague MSPs and the organizations they serve. Here are several of the most recent and potentially damaging ones:

OneStart AI Browser

This seemingly innocent AI-powered web browser hides multiple potential threats that can have lasting impacts on organizations:

  • Bundled installations of unwanted software
  • Advertising that disguises potentially malicious sites
  • Search hijacking that redirects traffic
  • Persistence through hidden, scheduled reinstalls after the program is removed

The application creates a recurring foothold that can be used for other software distribution, including malware.

Learn more about what we’ve uncovered about the OneStart AI Browser Deception and how to identify and remove it.

Epibrowser

Similar to OneStart is Epibrowser, another potentially unwanted program (PUP) that poses as Chromium and carries additional possible risks:

  • Hidden, automatically executed tasks
  • Redirection of user browsing activity and data scraping
  • Network monitoring and security bypass
  • Modifications to privacy and security settings to reduce the likelihood of detection

Just like OneStart, Epibrowser can steal browsing data and serve up ads and search results that can expose organizations to malware.

Read more about the effects of the Epibrowser PUP and how to address it.

SonicWall SSL VPN Vulnerability

Besides these new browser-based threats, a persistent vulnerability in SonicWall VPNs is exposing businesses to potential malware. Threat actors Akira and Sinobi use the opening to break into networks and deploy ransomware.

This threat should be addressed immediately. Read our guidance on the SonicWall VPN vulnerability and see how to take care of it yourself.

Akira Ransomware

The culmination of these threats, the Akira ransomware group uses these and other vectors to deploy their malware. Working tirelessly, the advanced threat actors won’t stop at just deploying malware. They will work their way through an organization’s network to find additional targets and engage in double extortion schemes.

Read our full breakdown of the Akira Ransomware group to learn their tactics and how to stop them.

To learn about other ongoing threats from around the industry, check out our Threat Research feed.

Stopping Threats Around the Clock

Despite the looming threats described above, organizations can take action, build a strong cybersecurity program, and stop attacks in their tracks. Here are just a few stories of Todyl partners who have protected themselves and their clients from constant threats.

  • Sunday Ransomware Incident: When one partner received a critical alert on a Sunday afternoon that they were under attack, they didn’t panic. With Todyl Endpoint Security and help from the MXDR team, they were able to prevent a threat actor from stealing user credentials and data. If unmanaged, the attack could have led to a full-blown ransomware attack.
  • Quick Intuition Prevents Ransomware: After seeing an alert regarding file execution in a client environment, this partner consulted with a different MDR service, who said the problem was taken care of. Wanting to be sure, they deployed Todyl to the client, which found several malicious PowerShell scripts still running on the client device. Within minutes, the actual threat was eliminated, stopping the bad actor from destroying the client’s environment.
  • Stopping Ransomware on a Saturday: Alone and on call over a weekend, one partner received a Defender alert: endpoint-level processes affecting a client. The client didn’t have Todyl deployed, so the partner rolled out the platform to the client and, within five minutes, was able to stop ransomware from fully taking over the client’s device.

Take Action to Stop Ongoing Threats

These stories highlight that, for attackers, operating hours are 24x7x365. So, to be fully prepared to stop threats at all times, you need a cybersecurity program that’s ready to act whenever they do.

This Cyber Action Month, take the first step towards keeping yourself and your customers protected. Reach out to Todyl to learn how you can equip yourself to protect what you’ve built against constant threats.
