Hackers targeting MSPs, warns Homeland Security

Posted by Geraldine Hunt on Wed, Jan 9th, 2019

Advanced cybersecurity protects from many of the common attacks in the wild, but attackers look for a weak link in any security defense. For MSP clients, the weak link could be the managed service provider (MSP). MSPs shoulder the responsibility of protecting a client network, but even the best digital cybersecurity can’t defend against human error. Attackers are aware of this, and they aim to find the weakest link to phish for credentials that give them access to a client’s network.

MSPs Have a Treasure Trove of Client Data

Depending on the size of the MSP, an attacker can gain several sets of credentials from a strategic attack. Instead of phishing for one set of credentials from a general employee within the target corporation, an attacker can get a wealth of information based on the credentials stored by the MSP.

When an MSP services a client, it usually holds administrator credentials. Even if the credentials the MSP holds aren't for an administrator account, they carry an elevated level of permissions. Just this higher level of access can give an attacker access to system servers, network appliances, databases, and even security devices.

Not every attacker has a specific target. An attacker knows that any access to an enterprise corporation has the potential to leak millions of customer records. An MSP could service dozens of enterprise clients, so having access to an MSP account could give the attacker access to dozens of enterprise networks. Should one set of credentials not give the attacker what’s wanted, another set could provide access to data that can be used for identity theft, additional phishing attacks, or selling the stolen data on darknet markets.

Recent Waves of MSP Attacks

Targeting service providers has gained popularity in hacker circles recently. It's become such a prevalent way to gain access to systems that the US Department of Homeland Security released a statement warning service providers of the recent wave of attacks.

MSPs aren’t the only target for attackers. Several types of IT service providers have been a target. These providers include:

  • IT Managed Service Providers
  • Cloud Service Providers
  • Managed Security Service Providers

This list is not exhaustive, so any IT solutions provider should be aware of these attacks and take steps to avoid releasing private client system credentials.

What Can MSPs Do to Protect Credentials?

Cyber attacks can range from finding vulnerabilities on system appliances and servers to general phishing. Several attacks have been launched at system servers that aren’t patched with the latest updates. Most operating systems have scheduled service releases that patch vulnerabilities and exploits from the latest attacks. Software that runs on a public-facing server should also have updates installed when they are released by the developer.

Phishing is one of the most common attacks with a high success rate for the attacker. Some phishing attacks target specific employees at an MSP, but other attacks are much more general and target any employee that falls victim to the malicious email. The email could be an attacker pretending to be a client or even another employee. Some phishing emails contain a link to an attacker-controlled website made to look like an official institution. Should the employee enter credentials into a malicious site, the attacker now has access to the internal network.

Some attackers combine social engineering with phishing attacks. Usually, this involves a phone call to an employee, who then gives the attacker more information to customize a phishing email. MSPs should educate all users about the red flags and consequences of falling victim to a phishing attack.

Even better, MSPs can add the right security tools to the local network to block some of the more common attacks. Spam filters can block malicious phishing emails from dropping into an employee's inbox. These spam filters don't work like the ones you see on private email services, where flagged messages are displayed in a spam folder. Instead, they block the messages on the server, where an administrator can view them.

DNS-based filters block websites included in phishing emails. Should a phishing email still arrive in a user's inbox, the user can click the link, but these filters block access during the DNS lookup process. These filters stop access to malicious sites that steal credentials from phishing victims, but they also stop sites that host malicious applications.
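The lookup-time decision described above, sketched as an added example (not code from this article or from any filtering product): a resolver policy that blocks a queried name when it, or any parent domain, is on a blocklist. The blocklist entries, hostnames and sample email are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist (assumption); a real filter loads zones from a threat feed.
BLOCKED_ZONES = {"login-portal.example", "malware-host.test"}

def normalize(name):
    """Lower-case, drop the trailing root dot, IDNA-encode for exact comparison."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # malformed label: compare the raw lower-cased form

def matched_zone(qname, zones=BLOCKED_ZONES):
    """Return the blocked zone covering qname (itself or a parent), else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        # Match on whole labels only, so 'notlogin-portal.example' is not
        # confused with 'login-portal.example'.
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_policy(qname):
    """Decision taken before any upstream lookup: BLOCK or FORWARD."""
    zone = matched_zone(qname)
    return ("BLOCK", zone) if zone else ("FORWARD", None)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def check_email_links(body):
    """Map each linked hostname in an email body to its resolver decision."""
    results = {}
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            results[host] = resolve_policy(host)
    return results

# Constructed sample message body.
SAMPLE_EMAIL = (
    "Your password expires today: https://secure.Login-Portal.example/reset?u=1\n"
    "Mirror: https://notlogin-portal.example/\n"
    "Help: https://www.example.org/help\n"
)

if __name__ == "__main__":
    for host, decision in check_email_links(SAMPLE_EMAIL).items():
        print(host, decision)
```

Because the match walks up whole labels, a subdomain of a blocked zone is blocked while a lookalike that merely ends in the same characters is not; catching lookalikes needs a separate check.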

MSPs do everything they can to protect client networks, but it's also imperative they take the right steps to protect their own networks. One successful phishing attack or data breach can have serious consequences. With access to an MSP network, an attacker can steal data from the MSP's client systems. This is a serious threat and a strong reminder that MSPs need to be vigilant about security, revisit their layered defenses, and ensure they have sufficient measures in place to protect their businesses and customers.
