IT Managed Service Providers

Jarrett Kolthoff | October 19th, 2020


Threat actors have been targeting IT Managed Service Providers (MSPs) with a ferocious cadence, where companies are allowing third-party MSPs the responsibility for IT support services. Some of the primary reasons MSPs are highly targeted are the insecure methods of remote access and business practices, the lack of breadth of cybersecurity talent, and the deployment of misconfigured and unmonitored security products on a 24/7 basis.

IT Managed Service Providers Targeted

Recently, we’ve seen a number of cases where MSPs have been infiltrated by malicious threat actors in order to deploy ransomware within their client’s network. A number of Ransomware-as-a-Service (RaaS) groups such as Avaddon, Sodinokibi, and Ryuk were gaining access to MSPs, likely through open ports, and then using that company as a middleman to deliver ransomware to their clients.

MSPs can be tremendously effective and truly enable companies that want to outsource IT support, although it is more crucial for the information to be properly secured and protected 24/7. These threat groups like to target MSPs because they know the MSPs have unfettered access to multiple organizations providing a very easy method to encrypt and ransom all of their clients.

SpearTip has experienced a large number of incidents, both assisting the client who was attacked through the IT Managed Service Providers and the MSP provider themselves. Also, the MSP’s remote management technology often causes problems with protection and security. They use this remote access tool because it is easier for their business if they do not have to send a person to the on-site location every time there is an issue.

The ever-growing threat of third-party MSPs was even addressed by the United States Secret Service in June, where they released a statement about compromised IT Managed Service Providers and gave tips on the best practices for those organizations using MSPs. Realistically, organizations cannot avoid using third-party MSPs completely.

For MSPs to be fully operational in a secure manner, they have to work hand-in-hand with a security operations team in order for things to run smoothly and securely. The focus of MSPs and IT teams in general, is to ensure the accessibility of everything a business needs to succeed and drive revenue and profits. The primary mission of security teams is to make sure company data is monitored and protected at the highest level in order to protect profits. These two sectors can overlap with healthy collaboration when the teams know their respective roles in your organization. These competing elements will help organizations realize their strategic goals while maintaining a focus on privacy and security.

In response to this heightened attack on MSPs, SpearTip has created a robust Partner Program for MSPs to utilize SpearTip’s ShadowSpear® platform for their client base. This enables these MSPs to continue to service their clients while leveraging SpearTip as a force multiplier for their company by monitoring and protecting against unusual activity in its tracks before the entire environment is ransomed.

October is National Cybersecurity Month, a great time to become more knowledgeable on this subject and to help improve your organization’s ability to operate at full capacity. It’s an opportunity to become aware of your own current cybersecurity situation and ask your MSP how they are protecting you 24/7. The threat of compromising third-party MSPs is an ever-increasing threat needing to be addressed, especially, if they are controlling access to your network. Look to secure it with 24/7 monitoring because your organization could soon be the focus of a cyberattack.

Over time, the security of your data and information will only grow in criticality. Organizations and businesses will not be able to overlook cybersecurity as a vital part of their processes, so having a month dedicated solely to the importance of good cyber practice makes October our favorite month of the year.


Connect With Us

Featured Articles

Cuttlefish Malware
Cuttlefish Malware: A New Threat to Routers and Traffic Monitoring
24 May 2024
Security Awareness Training
Security Awareness Training Crucial Role
22 May 2024
Phishing Campaign Assessments
Phishing Campaign Assessments Can Be Effective For Companies
20 May 2024
Incident Response Planning
Incident Response Planning: Why It's Important
17 May 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Frequently Asked Questions

How can businesses effectively evaluate and choose the right third-party IT managed service provider for their specific needs?

Evaluating and choosing the right third-party IT managed service provider requires a comprehensive understanding of the specific needs and goals of the business. Factors to consider may include the provider's experience and expertise, their track record with similar clients, the range of services they offer, their pricing structure, and their ability to scale and adapt to future business growth.


What are the potential risks and challenges associated with outsourcing IT services to a third-party provider, and how can businesses mitigate them?

Outsourcing IT services to a third-party provider can present certain risks and challenges. It is important for businesses to consider potential issues such as data security and privacy, service reliability and uptime, vendor lock-in, and the potential impact on internal IT staff. To mitigate these risks, businesses should thoroughly vet potential providers, assess their security measures and certifications, review their service level agreements (SLAs), and establish clear communication channels and expectations.

Are there any specific industries or types of businesses that are better suited for outsourcing IT services, or is it a viable option for any organization regardless of their size or industry?

The viability of outsourcing IT services to a third-party provider can vary depending on the industry and the specific needs of the business. While outsourcing can be beneficial for organizations of all sizes and industries, certain industries that handle sensitive customer data or have strict regulatory requirements may have to carefully consider the provider's compliance capabilities. Additionally, the decision to outsource may also depend on factors such as the availability of in-house IT resources, budget constraints, and the need for specialized expertise.

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.