Wednesday 12th October 2022

BLOG: Threat Actors Targeting MSPs

Managed service providers (MSPs) are an attractive target for threat actors because compromising one can give access to multiple networks and IT environments at the same time. With the increasing demand to support business needs, more organizations outsource IT and security to MSPs. As a result, MSPs are under increasing threat of cyber-attacks. According to cybersecurity research, the global managed IT services market will reach $354.8 billion by 2026, a significant increase from $242.9 billion last year.

According to security services from Britain, the US, New Zealand, Australia, and Canada, MSPs are increasingly at risk of cyberattacks. This may be an odd revelation, especially to individuals outside of the cybersecurity sector, but it is true that cybercriminals are targeting, and often succeeding in attacking, MSPs. The consensus is that MSPs have great cybersecurity defences, so by that belief it would be expected that they are unlikely targets.

MSPs are ideal for threat actors because they can typically remotely access clients’ networks and IT environments. The average MSP has access to a lot of data. Cybersecurity researchers found that only 36% of MSPs were confident they would be fully compliant, and 89% acknowledged that they needed more education and support around the threat landscape and cyber security matters. Nevertheless, there were also signs of fatigue, with 36% complaining that there were already too many regulations.

MSPs are being targeted for the same reason as supply chains. Successfully breaching an MSP means cybercriminals gain access to much more than the initial target. According to cybersecurity researchers, 90% of MSPs suffered a successful attack in the last 18 months. The study also found that the number of attacks prevented by MSPs almost doubled during the same period.

Countless small to midsize businesses rely on MSPs to assist them with cost-effective IT infrastructure management, monitoring, and general support. In addition, companies regularly trust MSPs to protect their data, but we must remember that MSPs are often small businesses themselves. And as attack vectors increase by the minute, there seems to be no end in sight to the growing pressures on MSPs.

With many consumers and customers investing more in MSPs and broadening their range of responsibilities, the spotlight turns to how MSPs can meet those responsibilities without collapsing under the burden. How can they provide the service customers require in a landscape where threat actors’ tactics and strategies are increasing in frequency and sophistication?

Cybersecurity researchers in the UK found that 84% of MSPs had experienced an outage or brownout (with an average of 16 outages in a year), and 41% had suffered lost productivity as a result. On the issue of cyber security, MSPs revealed that 80% of customers had been affected by cyber-attacks and admitted they were “not very confident” in their ability to successfully address a cyber-attack.

The cybersecurity agencies warned MSPs to “expect state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.”

Between April and May 2020, attacks levelled out at 20,000 to 30,000 per day in the U.S. alone. MSPs report their clients fell victim to ransomware despite having antivirus software, email filters, pop-up blockers, and endpoint detection and response platforms.

MSPs need to plan for the worst. This can include having an incident response plan in place. Those who do have incident response plans prepared are far more successful, as they stay ahead of the curve and become more operationally mature.

MSPs have an ethical and legal responsibility to provide customers with reputable vendors to limit the possibility of cyber-attacks. MSPs should review a ‘refusal of service’ document with new customers and decline to work with those who do not meet their minimum threshold of requirements.

MSPs must take the lead, educate their customers on these risks, and deliver a service that can minimise the risk of business-critical disruptions by testing frequently to ensure customers have the right security measures in place.

One way for MSPs to ensure they don’t buckle under the burden of their responsibilities to customers is to adopt a collaborative and flexible support model, where one team member isn’t bearing the brunt of urgent requests such as cyber-attacks.

The knowledge base, made up of solutions, guides and troubleshooting instructions, can be shared between teams to mitigate risks and to provide continuity across different locations and time zones, and during holidays and time off taken by team members.

If MSPs can get a view of what most of their customers are looking to achieve, it becomes easier for all involved. MSPs should also be willing to ask for help or advice from experts in the field. There are many resources available to help guide MSPs and ensure they don’t overcommit.

A ransomware attack could lead to organisations having to make a large payout. Meanwhile, a serious malware attack, with a long period of systems outage, could lead to you haemorrhaging revenue. The reputational damage to MSPs in a successful breach could be fatal. Most MSPs pride themselves on their strong security and market themselves as such to customers, so the news of an attack could seriously weaken customer trust, leading to a PR nightmare and potential loss of revenue.

MSPs must set up procedures to lessen the chances of threat actor infiltration. For instance, multi-factor authentication (MFA) is a method that requires you to provide two or more verification methods to sign into an application. Instead of just asking for your username and password, MFA adds an extra layer of security, like a randomly generated PIN code sent by SMS, a thumbprint, or a piece of memorable information known only to the user. Passwords on their own can make organisations vulnerable to data leaks and brute-force attacks. MFA is not impossible for threat actors to get past, but it is much harder and requires much more skill and effort to break through.

Backing up systems and data can also help. This can aid in avoiding having to pay a ransom. Research on known ransomware victims shows that while 32% pay the ransom, they only get an average of 65% of their data back.

MSPs should segment their networks and their customers’ networks as much as possible. It is important, for instance, that using admin credentials across multiple customers or systems is prohibited, and that no one has access or privileges beyond what they need to do their job. Employees need to know what behaviours are potentially harmful, otherwise the pressure on organisations will worsen; implementing training and other relevant steps can help with this.
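The two checks described above (no admin credential shared across customers, no privilege beyond what the job needs) can be run as a simple audit over an access inventory. The following is an added example, not code from the original post; the account names, tenant names, role names and role ranking are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (not real data):
# (account, customer tenant, role granted, role the job actually needs)
GRANTS = [
    ("svc-backup", "customer-a", "backup-operator", "backup-operator"),
    ("msp-admin", "customer-a", "domain-admin", "domain-admin"),
    ("msp-admin", "customer-b", "domain-admin", "domain-admin"),
    ("j.smith", "customer-b", "domain-admin", "helpdesk"),
    ("a.jones", "customer-c", "helpdesk", "helpdesk"),
]

# Hypothetical role ranking for this example; higher means more privilege.
ROLE_RANK = {"helpdesk": 1, "backup-operator": 2, "domain-admin": 3}
ADMIN_ROLES = {"domain-admin"}


def shared_admin_accounts(grants):
    """Return {account: sorted tenants} for admin accounts used in more than one tenant."""
    tenants = defaultdict(set)
    for account, tenant, granted, _needed in grants:
        if granted in ADMIN_ROLES:
            tenants[account].add(tenant)
    return {acct: sorted(ts) for acct, ts in tenants.items() if len(ts) > 1}


def excess_privileges(grants):
    """Return grants whose role outranks the role the job requires."""
    return [
        (account, tenant, granted, needed)
        for account, tenant, granted, needed in grants
        if ROLE_RANK[granted] > ROLE_RANK[needed]
    ]


if __name__ == "__main__":
    for account, tenants in shared_admin_accounts(GRANTS).items():
        print(f"SHARED ADMIN: {account} is admin in {', '.join(tenants)}")
    for account, tenant, granted, needed in excess_privileges(GRANTS):
        print(f"EXCESS: {account}@{tenant} has {granted}, needs {needed}")
```
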

It is not guaranteed that detrimental cyber-attacks will occur, but, statistically, a cyber-attack will likely occur. MSPs need a consistent and rational response plan to prepare for this. Another part of this is encouraging customers to develop their own incident response plan. 2020 statistics show that 4% of MSPs report that all their clients have an incident response plan.

Patching or updating any software that is used is another vital area, because it lessens the chance of threat actors finding easily exploited weak points. Over time, software develops vulnerabilities, suffers a breach, or becomes outdated.

Understanding supply chain risks is important. According to research, supply chain risks are expected to rise, and organisations that are turning to MSPs must ensure their providers put strategic safeguards in place to reduce these risks. MSPs are contractually obligated to ensure that their security architecture, governance, and capabilities are up to industry standards, and they need to regularly re-evaluate their cybersecurity strategy and processes to make sure they can meet recommended cybersecurity measures and controls.

To understand how Orpheus Cyber can help with this, request a demo
