Understanding The Threat Landscape For Managed Service Providers

• Given the potential for threat actors to monetize from an MSP’s large clients, ransomware attacks has become a common attack vector against MSPs.
• MSPs with high-value targets as customers can be a lucrative point for APT attacks.

The prevalence of Managed Service Providers (MSPs) has been a great boon for midsize companies. They decrease the cost of technical debt, thereby giving an organization more opportunity to grow their business, rather than worrying about the particulars of their infrastructure.

However, for a long while, MSPs have gradually become subject to threats as they are the easiest way to attack clients through the front door. Let’s look at how the MSPs have become soft target for attackers to obtain client data.

Ransomware attacks

Given the potential for threat actors to monetize from an MSP’s large clients, ransomware attacks has become a common attack vector against MSPs.

In June 2019, threat actors used PowerShell to push Sodinokibi ransomware against MSP customers. This tactic was previously employed by GandCrab ransomware actors, who previously exploited a flaw in remote administration software in an attempt to infect all of the MSP’s clients at once.

APT attacks

MSPs with high-value targets as customers can be a lucrative point for APT attacks.

Between 2017 and 2018, the MenuPass group used stolen credentials to gain access to a Norwegian MSP with around 850,000 customers. This enabled the group to exfiltrate proprietary information related to specific client.

Apart from using credentials, APT groups can also leverage on poorly patched third-party software to obtain a client’s sensitive data via MSP network.

Other loopholes

Poor asset management and lack of appropriate log analysis tools are also responsible for escalating a relatively minor security incident to a significant breach in many instances. Therefore, it is necessary to focus on basic security practices to minimize the threats.