Recent Attacks on MSPs: What You Need to Know

By Tim Brown

This could explain recent attacks against them. Back in December, we mentioned attacks from Chinese threat actors that directly targeted MSPs. Unfortunately, there have been similar attacks recently. But you can help keep your MSP business and your customers safe if you vigilantly enforce the fundamentals—and have some additional tools and controls in place. 

What You Can Do

These attacks centered around compromised user credentials, weak password management policies, and endpoints without advanced protection. Cybercriminals gained access to user passwords and were able to easily compromise accounts. 

Based on early reports, these attacks weren’t overly sophisticated—they could have been prevented with fundamental cyberhygiene practices. For starters: 

  • Enforce multifactor authentication (MFA) as a policy: These days, there’s simply no excuse to skip MFA. This is particularly true for high-risk employees and high-risk systems. This extra step can, in many cases, help to prevent unauthorized access. 

  • Enforce a strong password policy: The basics here apply—set strong requirements for passwords and encourage your customers to avoid re-using passwords across accounts. One of the easiest ways to do this is to get a corporate password manager to help make it easy for users to create and use strong, unique passwords. Additionally, a solution like SolarWinds® Passportal + Documentation Manager can help you grant and revoke access as needed and more easily enforce strong password rules across your customers and your own MSP business. 

  • Use advanced endpoint protection: One of the problems with this attack is that the attackers wormed their way in using remote desktop protocol (RDP). Since this is an internal system component, many traditional security solutions like antivirus won’t necessarily flag an issue. Advanced endpoint protection solutions like SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne, use artificial intelligence and machine learning to detect anomalous behavior at the endpoint. If someone gets in via RDP and starts doing damage like deleting files in bulk, changing the system registry, modifying user account privileges, or reaching out to download a ransomware file, SolarWinds EDR is designed to discover and flag this (and help you prevent it).
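The RDP-then-damage sequence the last bullet describes, written out as an added detection example (not SolarWinds or SentinelOne code, and not how the EDR product works internally): it correlates constructed Windows Security event lines, assuming event IDs 4624/4663/4732/4657 and treating the 15-minute window and the deletion threshold of 20 as illustrative tuning values.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Fields: timestamp, Windows
# Security event ID, then key=value pairs. IDs used: 4624 logon (LogonType
# 10 = RemoteInteractive, i.e. RDP), 4663 object access, 4732 member added
# to a security-enabled local group, 4657 registry value modified.
SAMPLE_EVENTS = [
    "2024-01-10T02:11:03 4624 user=jdoe logontype=10 src=203.0.113.7",
    "2024-01-10T02:12:40 4732 user=jdoe group=Administrators member=svc_tmp",
    "2024-01-10T02:13:05 4657 user=jdoe key=HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=updater",
] + [
    f"2024-01-10T02:14:{s:02d} 4663 user=jdoe access=DELETE obj=D:\\share\\f{s}.docx"
    for s in range(30)                    # 30 deletions inside one minute
] + [
    "2024-01-10T09:00:00 4624 user=asmith logontype=2 src=-",   # console logon
    "2024-01-10T09:05:00 4663 user=asmith access=DELETE obj=C:\\tmp\\old.log",
]

WINDOW = timedelta(minutes=15)   # assumed correlation window after an RDP logon
DELETE_THRESHOLD = 20            # assumed count that counts as "bulk" deletion

def parse(line):
    """Split a constructed event line into (timestamp, event id, fields)."""
    ts, eid, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return datetime.fromisoformat(ts), int(eid), fields

def detect_rdp_abuse(lines, window=WINDOW, delete_threshold=DELETE_THRESHOLD):
    """Return one alert per RDP logon that is followed, within `window` and by
    the same user, by bulk deletion, a local-group change, or a registry edit."""
    events = sorted((parse(l) for l in lines), key=lambda e: e[0])
    alerts = []
    for ts, eid, f in events:
        if eid != 4624 or f.get("logontype") != "10":
            continue                      # only RDP logons seed a session
        user, end = f["user"], ts + window
        deletes = priv = reg = 0
        for ts2, eid2, f2 in events:
            if not (ts < ts2 <= end) or f2.get("user") != user:
                continue
            if eid2 == 4663 and f2.get("access") == "DELETE":
                deletes += 1
            elif eid2 == 4732:
                priv += 1
            elif eid2 == 4657:
                reg += 1
        reasons = ([f"bulk_delete:{deletes}"] if deletes >= delete_threshold else []) \
            + ([f"group_change:{priv}"] if priv else []) \
            + ([f"registry_change:{reg}"] if reg else [])
        if reasons:
            alerts.append({"user": user, "src": f["src"],
                           "logon": ts.isoformat(), "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_abuse(SAMPLE_EVENTS):
        print(alert)
```

Only the RDP session from 203.0.113.7 is flagged; the local console logon with a single deletion stays quiet.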

The Importance of Cyberhygiene

Attacks like these should reinforce the importance of practicing consistent cyberhygiene. Even though these cybercriminals used compromised accounts and RDP to launch the attack, there are many angles into a business. Don’t neglect the importance of patching regularly, implementing protection against email-borne threats, running backup regularly, and offering regular security training to your customers. While nothing is bulletproof, proper cyberhygiene practices can drastically reduce the risk of an attack and help you keep your customers safe.

Tim Brown serves as Vice President of Security for SolarWinds, overseeing internal IT security, product security, and security strategy. Tim has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services and cloud security.

