Skip to main content
Security Education

Recent Attacks on MSPs: What You Need to Know

By Tim Brown

This could explain recent attacks against them. Back in December, we mentioned attacks from Chinese threat actors that directly targeted MSPs. Unfortunately, there have been similar attacks recently. But you can help keep your MSP business and your customers safe if you vigilantly enforce the fundamentals—and have some additional tools and controls in place. 

What You Can Do

These attacks centered around compromised user credentials, weak password management policies, and endpoints without advanced protection. Cybercriminals gained access to user passwords and were able to easily compromise accounts. 

Based on early reports, these attacks weren’t overly sophisticated—they could have been prevented with fundamental cyberhygiene practices. For starters: 

  • Enforce multifactor authentication (MFA) as a policy: These days, there’s simply no excuse to skip MFA. This is particularly true for high-risk employees and high-risk systems. This extra step can, in many cases, help to prevent unauthorized access. 

  • Enforce a strong password policy: The basics here apply—set strong requirements for passwords and encourage your customers to avoid re-using passwords across accounts. One of the easiest ways to do this is to get a corporate password manager to help make it easy for users to create and use strong, unique passwords. Additionally, a solution like SolarWinds® Passportal + Documentation Manager can help you grant and revoke access as needed and more easily enforce strong password rules across your customers and your own MSP business. 

  • Use advanced endpoint protection: One of the problems with this attack is that the attackers wormed their way in using remote desktop protocol (RDP). Since this is an internal system component, many traditional security solutions like antivirus won’t necessarily flag an issue. Advanced endpoint protection solutions like SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne, use artificial intelligence and machine learning to detect anomalous behavior at the endpoint. If someone gets in via RDP and starts doing damage like deleting files in bulk, changing the system registry, modifying user account privileges, or reaching out to download a ransomware file, SolarWinds EDR is designed to discover and flag this (and help you prevent it).

The Importance of Cyberhygience

Attacks like these should reinforce the importance of practicing consistent cyberhygiene. Even though these cybercriminals used compromised accounts and RDP to launch the attack, there are many angles into a business. Don’t neglect the importance of patching regularly, implementing protection against email-borne threats, running backup regularly, and offering regular security training to your customers. While nothing is bulletproof, proper cyberhygiene practices can drastically reduce the risk of an attack and help you keep your customers safe.

Tim Brown serves as Vice President of Security for SolarWinds, overseeing internal IT security, product security, and security strategy. Tim has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services and cloud security.


SolarWinds adds Passportal suite to its MSP product portfolio. MSP security, simplified. Passportal's Ocular™ + docs is a SOC 2 certified, RAPID 7 tested, award winning platform.

 Audited Tested Awarded-01

Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to out preform the competition.Passportal-SolarWinds_1200x190

Welcome to the Passportal Blog

Into cybersecurity? Read up on current trends in IT Services and ensure you’re up to speed on best practices on how to grow your business.

Want to stay up to date?

Get the latest N-able tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Automated password protection with documentation management integrated with the MSP tools you already use

Manage passwords with ease

BOOK A DEMO