Back in June, the United States Secret Service (USSS) sent out a security alert about a spike in attacks on Managed Service Providers (MSPs). MSPs provide are the lifeblood of the Small to Medium sized Business (SMB) community. MSPs provide remote management, monitoring, and deployment of IT infrastructure to SMBs. On June 12, the USSS global investigations team found an increase in incidents where hackers had breached MSP solutions. Hackers used these MSPs to access the internal networks of their customers.

What sort of attacks?

Kyle Hanslovan, CEO at Huntress Labs, said his company provided support in at least 63 incidents of MSP hacks last year that resulted in ransomware on customer networks. While the 63 incidents is more than should be occurring, Hanslovan estimated more than 100 MSP incidents were likely in 2019 alone. These attacks aren’t new to MSPs, as the USSS and FBI both issued security alerts last year warning of these attacks. Secret Service officials said they’ve been seeing threat actors and advanced persistent threats at MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy devastating ransomware. 

Why MSPs?

SMBs are largest target by far for hackers because they are an easy target for reasonably competent hackers. However, hackers know it’s much better to hack one MSP, rather than hacking into 20-30 other companies when they can achieve the same result. MSPs are beginning to recognize they’re being targeted by hackers through Phishing, Password, and Social Engineering attacks. If Twitter can be socially engineered into letting Bitcoin attackers break into their Administrative systems, disable two-factor authentication, and then take over Bill Gates, Warren Buffet’s, and Elon Musk’s twitter accounts, then MSPs should be an easy target!

You see, MSPs need to be perfect 100% of the time while these online hackers only needs to be successful once! These events can put an MSP out of business from the reputation damage and costs of recovering all their clients, at the same time. The newest Ransomware is so much more damaging to SMBs with the threat of releasing critical data to the Internet instead of just encrypting it.  MSPs have to sit up and pay attention to these threats.

If you’re an MSP, you need to immediately begin bolstering your cybersecurity program. Identify your weaknesses and follow the advice of the FBI by adopting:

  • Two-Factor Authentication on everything.
  • Address poor Password Hygiene in your organization (adopt 14+ character password and purchase a Password Manager).
  • Train your employees on common social engineering methods, phishing attacks, and protective technologies like Password Managers and 2FA.
  • Govern employees with a solid set of cybersecurity policies to guide their behaviors when they need to make independent technology choices.
  • Secure your own backups with Offline, revision-controlled backups and then do likewise with your clients.
  • Build strong incident response processes for yourselves and your clients.
  • Establish a Risk Management Framework for your MSP and offer Risk Assessment services to your clients.

MSPs are counted on by millions of users across the country.  If they are getting hacked, what does that mean for everyone supported by them?  Next generation MSPs that take the actions above will be the strongest leaders and will be taking the correct steps to improve their odds of surviving the attacks they will face. 

Gets Started with Training, Governing, and Assessments

CyberHoot works well with MSPs to Train, Govern, and Assess their Cybersecurity maturity. CyberHoot is free for MSPs to use for themselves helping them Walk-the-Walk and Talk-the-Talk. The only way to protect yourself is to proactively engage on Cybersecurity.  Begin preparing today by taking the critical steps to avoid a breach. All too often a breach puts the compromised company out of business.

Ransomware Attack on MSP who Paid (Synoptek)