3 Reasons MSPs Are Targeted in Cyberattacks
- by Justice Levine
More companies are outsourcing their IT and data workloads, and having a strong security posture is becoming increasingly critical for managed service providers (MSPs). Threat actors are constantly coming up with new ways to find and exploit vulnerabilities.
MSPs are targeted by hackers because they have access to potentially hundreds of businesses and serve thousands of users and devices. Because of this, MSPs in particular are being targeted more frequently, adding pressure on providers to supplement their cybersecurity. This article will discuss the reasons why MSPs are being targeted, as well as how businesses can protect themselves.
Why MSPs Are Attractive To Attackers
Experts have been warning about the increase in malicious attacks targeting MSP customers since 2017. This problem has only grown and continued to impact channel partners by putting their reputations at risk. Three reasons MSPs are being targeted by attackers include:
MSPs Serve Multiple Clients With Even More Endpoints
The MSP channel has been growing rapidly for years, and with the pandemic, accelerated digital transformation has only gained more momentum. This leads to more customers entrusting MSPs with more data. Smaller MSPs may lack the resources, expertise, or staff necessary to maintain a security infrastructure for distributed workforces, making them more vulnerable to cyberattacks. Even a small MSP can serve a huge number of clients, creating the opportunity for a ripple effect.
An MSP’s Distributed Network May Enable Widespread Attacks
In addition to more MSP customers for hackers to target, MSP networks are also vulnerable to widespread attacks. Not only are there a lot of victims to exploit, but they are likely to be attacked at the same time, typically with ransomware.
MSPs Lack Control Of a Client’s Security Posture
An MSP might manage a company’s data, but it may not follow other security practices, such as providing security training for a client’s employees or implementing security policies. These tasks are often left to internal departments, making it easy for knowledge gaps and discrepancies to form between an MSP’s mandate and the client’s own activity. The client may also work with other third-party vendors, adding another layer that must be secured.
We have also seen an increase in supply chain attacks that affect large numbers of customers, with a 650% surge in supply chain attacks in 2021 alone. Small and medium-sized businesses are particularly vulnerable as they are low on the supply chain and often don’t have the expertise or bandwidth to put in place appropriate defenses. Because of the trust relationship between SMEs and MSPs, compromising the MSP would mean a straight path to the SMEs they also control.
Consequences of a Successful Attack
A successful attack on an MSP can have a severe and lasting impact that is split into two categories – direct and indirect.
The most obvious impact of a breach is the compromise of hundreds of accounts at the same time, followed by the disruption it can cause to your business, such as a lengthy clean-up operation and systems downtime. Additionally, there may be a financial loss from the disruption if your business is attacked with ransomware, but loss can also come in the form of financial liability in lawsuits, productivity and revenue loss, and remediation costs. Otherwise, a malware attack that causes a long period of system outage could also lead to a huge loss of revenue. A successful breach can also damage the reputation of an MSP, as most MSPs pride themselves on their ability to keep their customers secure.
The leading reason cybercriminals target MSPs is the volume of their customer base, as customers could be the most affected by an attack. An example of this is the REvil ransomware attack on the MSP software provider Kaseya. The breach spread to dozens of MSPs and over 1,500 of their customers.
Effective Protection for MSPs
The consequences of a successful attack on an MSP can be extreme, but luckily there are things you can do to protect your business and customers. Some best practices to keep your business secure include:
- Implement multi-factor authentication (MFA): MFA is a type of security technology that requires multiple pieces of authentication to confirm a user’s identity for logins and other transactions. MFA works by combining the user’s credentials to confirm the user logging into the account is the owner.
- Back up your systems and data: backing up your systems and data can provide you with a failsafe after an attack and can even help you avoid having to pay a ransom.
- Segregate networks: both you and your customers should segment networks and systems as much as possible. One example of this is to never use admin credentials across multiple customers or systems.
- Train staff: properly train staff, encourage effective communication, and ensure they know how to respond in the event of an attack.
- Develop incident response plans: ensure that you have a comprehensive incident response plan in place, so your organization is prepared to respond quickly if an attacker successfully compromises your systems or applications.
- Regularly patch software: patching or updating software keeps attackers from exploiting known vulnerabilities.
- Map your supply chain risks: understand your supply chain risks and identify who among your customers or suppliers could pose a risk.
- Implement multi-layered email security protection: the vast majority of all cyber threats originate with an email. Multi-layered email protection, accompanied by expert, ongoing system monitoring, maintenance, and support, works to dynamically analyze behavior, URLs, and files to keep cyberattacks from exploiting vulnerabilities.
CISA and other security organizations also recommend several key steps MSPs should take to protect themselves, including:
- Preventing initial compromise by implementing mitigation resources to protect against common attacks
- Monitoring and logging, along with endpoint detection and network defense monitoring
- Securing remote access applications and enforcing multifactor authentication
- Developing and practicing incident response and recovery plans
- Proactively managing supply chain risk across security, legal, and procurement groups, and prioritizing resources
Vulnerability in Kaseya Software Leads to MSP Attack
Just before the 4th of July weekend in 2021, the CEO of Technology Specialists, a Fort Wayne, Ind.-based MSP, was visiting a client’s site to reprogram a device that couldn’t be accessed remotely. Before he finished, he noticed Outlook shut down on his laptop, and not long after, Tipton’s office manager called to say she couldn’t get into the MSP’s ConnectWise or Kaseya accounts. Then a client reported they couldn’t access their machines either. Within a few minutes, the company received several more calls from customers, all complaining their machines were behaving erratically and files were popping up on their screens.
By the time Tipton got back to the office, it became clear the MSP had been hit by a ransomware attack. He said, “At that point, we knew a little, but not full details like how many people it hit. At first, we thought it was just us. And that’s the worst feeling you’ll ever have.” The attack, launched through a vulnerability in Kaseya’s VSA software, was estimated to have impacted up to 1,500 companies, including many MSPs. Historically, Technology Specialists backed up customer data to three disparate locations as part of its disaster recovery plan. Unfortunately, all three remote sites were targeted and hit at the same time during the attack, something the MSP hadn’t considered would happen.
Managed service providers must be more vigilant and proactive than ever with their own security posture. MSPs offer IT infrastructure and end-user systems, so clients trust them with their valuable assets, sensitive data, and intellectual property. A compromise in one MSP can propagate to other clients and organizations, leading to a series of other attacks if not properly mitigated.