MSPs Under Attack
Managed service providers are no longer just trusted security advisors when it comes to protecting businesses from attackers--MSPs themselves are now frequently becoming the initial target. That means MSPs will need to dramatically step up their game around security in 2020.
Cybercriminals targeted MSPs throughout last year and seized upon the tools they use to manage customer IT systems as vehicles to attack those same customers. A wake-up call came last April when Wipro acknowledged that employee accounts had been compromised in a phishing campaign, allowing adversaries to use the Indian IT outsourcing giant’s systems to launch attacks against at least a dozen of its customers. The hackers were believed to have used ConnectWise Control to connect to Wipro client systems, which were then used to obtain deeper access into Wipro customer networks.
Then last August, an on-premises version of the ConnectWise Control remote access tool was used to seed the endpoints in a devastating ransomware attack that resulted in portions of 22 Texas town and county networks being locked behind encryption keys. The Texas towns and counties hit by ransomware were all receiving products and services from Rockwell, Texas-based MSP TSM Consulting.
Given the level of access and trust MSPs enjoy in their clients' networks, expect hackers to continue attempting to use MSPs as an entry point into their customers in 2020 and beyond.
