A Wake Up Call for MSPs



By: Ali Gomulu

In today’s IT marketplace, network security is becoming an increasingly important offering for Managed Service Providers (MSPs) competing for new business and more business with existing customers. A TechValidate survey done by GreatAmerica found 87% of MSPs have lost business because their security offering was lacking something a customer needed.

The growth of Managed Security Service Providers (MSSPs) has been driven in part by concerns that traditional IT and communications service providers simply are not protecting the infrastructure – and therefore private, confidential and sensitive information and data.

For decades, service level agreements, help desk capabilities, response times and value for money have been major factors in the increasingly competitive MSP industry.

More MSPs are now building security practices to protect their infrastructure and information, as well as the systems they operate on their customers’ behalf. One serious attack and breach could put an otherwise excellent MSP out of business.

Today, there is even more pressure to “ensure secure” as MSPs are becoming “easy targets” for busy criminals and adversaries, because once they crack into an MSP’s environment, they may have access to dozens or hundreds of their customers’ information.

Recent reports have surfaced of a previously unknown community of hackers with advanced hacking skills that has compromised nearly a dozen IT service providers, researchers from Symantec reported. Just last week, Symantec announced additional attacks underway in Saudi Arabia as the Tortoiseshell virus is moving faster than its namesake.

IT now stands for Intermediate Targets

Tortoiseshell has been active since at least July 2018 and has struck as recently as July of this year, researchers with the Symantec Attack Investigation Team relayed on their blog.

It is important to note that in at least two of the 11 compromises, the attackers gained domain admin level access to the IT providers’ networks, which gave them control over all connected machines.

“The most advanced part of this campaign is the planning and the implementation of the attacks themselves,” a member of Symantec’s research team wrote in an email. “The attacker had to have multiple objectives achieved in an operational fashion in order to compromise the true targets which would have relationships with the IT provider.”

The researcher continued: “The use of custom, unique malware developed for an advanced campaign such as this shows the attacker has resources and capabilities that most low to mid-level adversaries simply do not have. Putting all these pieces together built a bigger picture, which matched the profile of an advanced well-resourced attacker.”

Symantec is continuing to study how the Tortoiseshell hackers were able to access and infect the MSPs’ networks. The researchers have stated that they identified a “Web shell,” a script that’s uploaded to a Web server to provide remote administration of the machine, on a compromised server that was then used to deploy malware onto the network.

While there are many good reasons to add managed security to an MSP’s offerings, doing so means thinking deeply about what will be required.

Priority one? Protect the MSP’s infrastructure and, by extension, every private network (cloud, data center, database, application, website and devices across the board). Implementing Privileged Access Management (PAM) is a great first step.

With new levels of security in place, the MSP becomes more competitive.

Priority two? With a comprehensive MSSP offering, the MSP becomes more valuable to existing clients – reducing churn – and more attractive to new clients – attracting businesses and organizations with growing concerns about the volume and consequences of attacks.

Contact us to learn more about the services we’ve designed for MSPs which are the most competitive in our category – including PAM and many other secure access management solutions which can be bought – and sold – given the flexibility of our technology and our unique pay-as-you-go offerings.
