MSPs are coming under attack. The attacks were first reported by the Australian government and now we are getting warnings from the United States.
According to the National Cybersecurity and Communications Integration Center (NCCIC), there are ongoing attempts to infiltrate the networks of global managed service providers (MSPs). Since May 2016, advanced persistent threat (APT) actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.
What should we make of these reports and how can MSPs defend ourselves against future attacks?
Recognize New Role of MSP in Today's Society
The role of MSPs has undeniably changed. Gone are the days when MSPs were new business models being practiced by dying VARs and break/fix companies. If the U.S. government acknowledges the dominant role MSPs have today, I think we can safely say MSPs have arrived.
The NCCIC says the following about MSPs: "The number of organizations using MSPs has grown significantly over recent years because MSPs allow their customers to scale and support their network environments at a lower cost than financing these resources internally. MSPs generally have direct and unfettered access to their customers’ networks and may store customer data on their own internal infrastructure. By servicing a large number of customers, MSPs can achieve significant economies of scale. However, a compromise in one part of an MSP’s network can spread globally, affecting other customers and introducing risk."
MSP Attack Vectors
Knowing where you may be vulnerable to attack is half the battle. According to the NCCIC, "APT actors use a range of 'living off the land' techniques to maintain anonymity while conducting their attacks. These techniques include using legitimate credentials and trusted off-the-shelf applications and pre-installed system tools present in MSP customer networks.
Simply put, MSPs need to really pay attention to their remote access practices. This includes:
- Hardening remote access policies
- Effective on-boarding techniques for MSP users
- Internal audit/review practices

