
Alarm Bells Ring: U.S. Secret Service Reports Skyrocketing Cyber Attacks on MSPs

In June, the U.S. Secret Service (USSS) raised the alarm about a sharp increase in cyber attacks targeting Managed Service Providers (MSPs). MSPs are crucial for Small to Medium-sized Businesses (SMBs), providing remote management, monitoring, and deployment of IT infrastructure. On June 12, the USSS global investigations team detected a surge in incidents where hackers infiltrated MSP systems to gain access to their clients’ internal networks.

Types of Cyber Attacks Plaguing MSPs

Kyle Hanslovan, CEO of Huntress Labs, reported that his company assisted in at least 63 incidents of MSP breaches last year, leading to ransomware attacks on customer networks. While 63 incidents are alarming, Hanslovan estimates that over 100 MSP breaches likely occurred in 2019 alone. These attacks are not new to MSPs, as both the USSS and FBI issued security alerts last year warning of such threats. Secret Service officials have observed threat actors and advanced persistent threats at MSPs, resulting in attacks on point-of-sale systems, business email compromise (BEC) scams, and devastating ransomware deployments.

Why MSPs Are Prime Targets for Hackers

SMBs are often the primary targets for hackers due to their vulnerability. However, hackers find it more efficient to breach one MSP than to hack into 20-30 individual companies to achieve the same result. MSPs are increasingly aware that they are being targeted through phishing, password, and social engineering attacks. If high-profile companies like Twitter can fall victim to social engineering attacks, leading to the compromise of high-profile accounts, then MSPs must be vigilant.

MSPs need to maintain perfect security 100% of the time, while hackers only need to be successful once. These events can put an MSP out of business due to reputational damage and the costs of recovering all their clients. The newest ransomware threats are even more damaging to SMBs, with the potential to release critical data to the internet instead of just encrypting it. MSPs must take these threats seriously.

Fortifying Cybersecurity for MSPs

If you’re an MSP, it’s crucial to immediately bolster your cybersecurity program. Identify your weaknesses and follow the advice of the FBI by adopting the following measures:

  • Implement Two-Factor Authentication (2FA): Add an extra layer of security to all your systems.
  • Address Poor Password Hygiene: Adopt 14+ character passwords and use a password manager to keep track of them securely.
  • Train Employees: Educate your staff on common social engineering methods, phishing attacks, and protective technologies like password managers and 2FA.
  • Govern with Cybersecurity Policies: Establish a solid set of cybersecurity policies to guide employee behavior when making independent technology choices.
  • Secure Backups: Ensure you have offline, revision-controlled backups for yourself and your clients.
  • Build Incident Response Processes: Develop strong incident response processes for yourself and your clients to handle potential breaches effectively.
  • Establish a Risk Management Framework: Create a Risk Management Framework for your MSP and offer Risk Assessment services to your clients.

MSPs are relied upon by millions of users across the country. If they are getting hacked, what does that mean for everyone supported by them? Next-generation MSPs that take the actions above will be the strongest leaders and will improve their odds of surviving the attacks they will face.

Kickstarting Training, Governing, and Assessments

CyberHoot collaborates effectively with MSPs to train, govern, and assess their cybersecurity maturity. CyberHoot is free for MSPs to use for themselves, helping them walk the walk and talk the talk. The only way to protect yourself is to proactively engage in cybersecurity. Begin preparing today by taking the critical steps to avoid a breach. All too often, a breach puts the compromised company out of business.
