MSPs Warned of Online Attacks
Table of Contents
- By Steven
- Published: May 16, 2022
- Last Updated: May 16, 2022
Some of the world’s top information technology managed services providers, or MSPs for short, have been warned of potential upcoming web-based attacks. The attacks are likely to be made against both MSPs and their clients. Web security specialists from the Five Eyes alliances representing the world’s leading cyber powers have issued a worldwide warning regarding attacks on IT services providers and other websites that might have a global impact.
What is the Advisory all About?
The Five Eyes alliance warning centers on potential digital attacks against MSPs and their customers. Though the advisory was directed toward the alliance country’s members, it is applicable to MSPs and businesses throughout the world. The advisory aims to prepare MSPs for potential online attacks and heighten digital security protocols and defenses. In particular, MSPs are advised to reassess their digital security protections and take extra steps to protect client data.
Why are MSPs in the Spotlight?
According to the Five Eyes alliance, MSPs are in hackers’ crosshairs. Though the group did not specify why MSPs are being targeted, they highlighted recent reports that indicate harmful cyber activity is being steered toward MSPs. The group insists the trend will continue moving forward. MSPs might be considered valuable targets as they manage and protect highly sensitive information on behalf of clients. However, it is interesting that several countries are issuing warnings to MSPs in unison.
The hope is that the warning prompts MSPs to enhance the security of networks and data moving forward as the number of digital attacks continues to skyrocket throughout the world. It is also believed MSPs are favored as hacking targets as they are helpful in the scaling of attacks. Hackers that zero in on MSPs also pose a risk to the companies and other entities that those MSPs serve, meaning there is the potential for a chain reaction that extends well beyond the initial target.
It is possible MSPs will be used as an introduction point that helps facilitate the spread of malware or other threats to their customer network. The advisory noted above points out that digital criminals can scale up an attack from the starting point of an MSP with insufficient digital safeguards to obtain access to targets within the MSP network. The advisory noted that MSPs and their customers should ramp up their digital security measures and controls to thwart phishing attacks, unauthorized account access, data theft, and other potential digital infiltration.
Is Russia Behind the MSP Hacks?
Though the advisory did not specifically indicate that Russian hackers are targeting MSPs in the United States and elsewhere, the Five Eyes report from April identified Russia as an aggressor in cyberspace. The group’s spring advisory warned of hackers working on behalf of the Russian government. The advisory stated hackers employed by the Russian government worked in unison with cybercriminal groups to launch online attacks against entities throughout the West and abroad. The online offensive was launched shortly after Russia went to war with Ukraine.
What Should MSPs and Their Customers Do?
MSPs and those who receive services from MSPs should be hyper-aware of the threat described above. Such groups are encouraged to update digital safeguards, implement multi-factor authentication, provide employees with cybersecurity training, and develop a response and recovery plan.