MSP Blog Logo

Cyber Security

Business Growth

Sales and Marketing

IT Services


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

Breaking News: Advanced Persistent Threat Activity Exploiting MSPs

Posted October 4, 2018by Brian Downey

Breaking News: Advanced Persistent Threat Activity Exploiting MSPs

On Wednesday, October 3, the U.S. Department of Homeland Security (DHS) issued a warning to managed services providers (MSPs) and cloud services providers (CSPs) that hackers are exploiting MSP and CSP systems to reach end-client networks.

This alert from the DHS confirms that small businesses, and their managed service providers, are the new attack vector for cybercriminals, and the risks are severe. In this post, we’ll explain the threat MSPs and their clients are facing, and provide our advice to help mitigate these threats.

What’s the Threat Activity and How Did It Unfold? 

Hackers are attacking MSPs, MSSPs, and CSPs as the weak link in a supply chain to get to their customers, exploiting the trusted relationship between provider and customer. The attacks occur by using compromised legitimate MSP credentials (e.g., administration, domain, user) and implanted malware on systems owned by the MSP, allowing remote access for the attacker while advanced persistent threat (APT) actors move laterally between an MSP and its customers’ shared networks. It’s this lateral movement between networks that lets APT actors easily evade detection measures and maintain a presence on the victims’ networks. The attacker could then launch attacks on the end-customer, using the MSP’s systems, so all the activity would appear to come from the MSP. 

According to the alert, which analyzed a phishing attack on MSPs, there are three key details that service providers should be aware of:

  1. The attack capitalized on stolen credentials, making multi-factor authentication critical to securing end-clients.
  2. Signature-based malware detection is not enough to protect against the initial infection.
  3. Once the attackers were inside the service provider network, they used common admin tools to move laterally to end-customer networks. This highlights the need for layering additional security onto Remote Desktop Protocol (RDP), such as strong authentication for remote connections, and heightens the need for more tightly-controlled remote management tools.

Threat Prevention Advice for MSPs

Continuum is strongly recommending that managed service providers evaluate how they connect to and manage their end-customer networks. This incident reinforces the need for advanced endpoint protection on all systems, isolating any unprotected systems into a separate network. MSPs should also ensure that they are leveraging DNS protection as a secondary line of defense, that they are using more secure tools than RDP, and that all remote access requires multi-factor authentication.

Detection and response capabilities are also critical. Amid the Department’s cogent warnings is a clear call for providers to bolster their “ability to rapidly respond to and recover from an incident… with the development of an incident response capability… prepared to handle the most common attack vectors.” MSPs should heed this latest threat, as it is becoming increasingly likely that security will be the number one reason for an MSP to be hired or fired by their clients in the months and years to come.


To successfully disrupt APT activity, MSPs need a more advanced security solution. Discover how Continuum Security can help you provide the protection your clients demand.


As Senior Director of Product Management at Continuum, Brian is responsible for the overall security solution strategy. He has spent the past 15 years in various product and business strategy roles at several of the world’s most successful technology companies, most recently driving the initial creation and introduction of BMC Software’s new security product line. Brian is passionate about developing and delivering solutions that allow small- and medium-sized businesses to effectively secure their environments. Brian has a computer science degree from University of Massachusetts Amherst, an M.B.A. from Babson College and is currently finishing his Doctorate in Business Administration from Temple University. Brian lives just outside Boston with his wife and three kids between the ages of three and seven.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus