Attackers See MSPs as the Key to a Treasure Trove of Data

Dror Liwer

In a Reddit section dedicated to managed service providers (MSPs), users alerted the group that cyberattackers were recently discovered to have breached three MSPs’ security infrastructures, introducing ransomware via Remote Desktop Endpoints (RDP) and ultimately infiltrating the MSPs’ customers systems. A previous occurrence in February also resulted in 1,500 to 2,000 systems in an MSP to be locked with a release demand of $2.6 million.

These attacks weren’t the first nor will they be the last time MSPs are targeted, as attackers are now actively pursuing service partners to collect vast amounts of data with much less resistance than its enterprise and government foes.

This strategy of attack isn’t new. In fact, we’ve seen it many times before with attackers now preferring to target multiple small businesses instead of one large enterprise to save time and resources without sacrificing their end goal – monetizing data collection. This causes stress on small businesses in particular who don’t have the dollars to spend on developing security policies that protect themselves from attackers. And similar to small businesses, if MSPs don’t mitigate their risks soon, they, too, will risk losing customers and business in an increasingly competitive landscape.

Rapidly Growing MSP Marketplace

MSPs have always been a trusted adviser to businesses. They manage IT infrastructures, end-user systems and, increasingly, their customers’ cybersecurity. With 60% serving up to 100 customers, most MSPs are also considered small businesses themselves and are working in a marketplace that’s only expected to grow in size and in cyber risk.

A recent report from Market Research Future forecast the managed services market to grow 11% between 2016-2022. This trend lends itself to the growing realization of benefits in partnering with an MSP in light of cybersecurity needs. Rising concerns around data protection, bring your own device (BYOD) policies and regulatory compliance as well as a shift to cloud-apps have businesses looking for help in managing these complexities.

Ironically, this explosion of growth is actually painting a big red bull’s-eye on MSPs as keys to the data treasure box.

MSPs’ Privileged Access to Data

The reason for targeting MSPs is quite logical. The numbers imply a decent client roster per MSP and estimations suggest there are about 20,000 successful MSPs within the North American market. Therefore, why go after one company for its data when an attacker can go after an MSP that has access to tens of companies’ data?

However, it’s not just the sheer number of data points that attract cybercriminals to target MSPs. The business model of MSPs suggest a tendency to serve a specific vertical, such as health care, finance, consulting, government agencies, etc., for the MSP to understand and meet the IT needs within that profession. Although an understandable business decision, this allows cyberattackers to cherry-pick victims based on the profiles the MSPs serve.

Protecting MSPs and Their Customers

It’s no longer an option for MSPs to claim ignorance if a data breach occurs. Public reporting of such incidences has brought the issue to light and actually raised the standard of…