Threat actors have been targeting IT Managed Service Providers (MSPs) with a ferocious cadence as more companies hand third-party MSPs the responsibility for IT support services. Some of the primary reasons MSPs are highly targeted are insecure methods of remote access and business practices, a lack of breadth of cybersecurity talent, and the deployment of security products that are misconfigured and not monitored on a 24/7 basis.
Recently, we’ve seen a number of cases where MSPs have been infiltrated by malicious threat actors in order to deploy ransomware within their clients’ networks. A number of Ransomware-as-a-Service (RaaS) groups such as Avaddon, Sodinokibi, and Ryuk were gaining access to MSPs, likely through open ports, and then using that company as a middleman to deliver ransomware to its clients.
MSPs can be tremendously effective and truly enable companies that want to outsource IT support, although that makes it all the more crucial for the information to be properly secured and protected 24/7. These threat groups like to target MSPs because they know the MSPs have unfettered access into multiple organizations, which provides a very easy method to encrypt and ransom all of their clients.
SpearTip has experienced a large number of incidents, assisting both clients who were attacked through their managed service provider and the MSPs themselves. The MSP’s remote management technology also often causes problems with protection and security. MSPs use these remote access tools because it is easier for their business if they do not have to send a person to the on-site location every time there is an issue.
The ever-growing threat posed by compromised third-party MSPs was even addressed by the United States Secret Service in June, when it released a statement about compromised managed service providers and gave tips on best practices for organizations using MSPs. Realistically, organizations cannot avoid using third-party MSPs completely.
For MSPs to be fully operational in a secure manner, they have to work hand-in-hand with a security operations team so that things run smoothly and securely. The focus of MSPs, and of IT teams in general, is to ensure the accessibility of everything a business needs to succeed and drive revenue and profits. The primary mission of security teams is to make sure company data is monitored and protected at the highest level in order to protect profits. These two sectors can overlap with healthy collaboration when the teams know their respective roles in your organization. These competing elements will help organizations realize their strategic goals while maintaining a focus on privacy and security.
In response to these heightened attacks on MSPs, SpearTip has created a robust Partner Program that lets MSPs use SpearTip’s ShadowSpear® platform for their client base. This enables these MSPs to continue to service their clients while leveraging SpearTip as a force multiplier for their company, monitoring for unusual activity and stopping it in its tracks before the entire environment is ransomed.
October is National Cybersecurity Month, a great time to become more knowledgeable on this subject and to help improve your organization’s ability to operate at full capacity. It’s an opportunity to become aware of your own current cybersecurity situation and ask your MSP how they are protecting you 24/7. The compromise of third-party MSPs is an ever-increasing threat that needs to be addressed, especially if they are controlling access into your network. Look to secure it with 24/7 monitoring because your organization could soon be the focus of a cyberattack.
Over time, the security of your data and information will only grow in criticality. Organizations and businesses will not be able to overlook cybersecurity as a vital part of their processes, so having a month dedicated solely to the importance of good cyber practice makes October our favorite month of the year.