MSPs Are Under Attack


March 16, 2020

With more and more small to medium-sized businesses turning to Managed Services Providers for security solutions, it shouldn’t be a surprise to anyone that these MSPs are under attack, too.  The concept fueling these attacks is a simple one: why rob an ATM when you can rob the bank?

Matt Lee, Integris’s Director of Technology, calls this a “multiplication of force.” He explains, “Rather than spend time and effort on many smaller attacks with lower yields of information, why not target the companies who protect them?”  The data collected from an MSP breach is far greater than that gathered by individual attacks on each company the MSP serves.

The idea of targeting MSPs has been around since 2014, but as hackers evolve their attacks MSPs are increasingly finding themselves at higher risk. In October of 2018, the CISA issued an alert for Managed Services Providers that they are actively under attack from Advanced Persistent Threat actors.

Why MSPs Are Under Attack

In December, nine service providers across the globe were hacked by bad actors. Hewlett Packard and IBM were two of the larger firms affected by the breaches, proving that company size alone doesn’t protect a company from attacks.

These attacks are loosely motivated by two reasons: monetary gain or political advantages.

Monetary Gain

These bad actors are in it for the short term; they want to strike fast, reap the rewards, and disappear. They typically are the hackers who steal financial data and credentials, encrypt sensitive data, threaten and blackmail a business with exposure of the breach to the public, or cash in on ransom money from an attack.

These attacks are a nuisance and while they can cost companies a lot of headache, hassle and loss, they aren’t quite as dangerous as APTs.

APT: Advanced Persistent Threat

These are your organized bad actors. They are usually military organizations and can come from any country, although China, North Korea, Russia, and Turkey are some of the top players in this game.

APTs have a government sponsored mission. They attack for more intellectual gains such as protected trade or government secrets, industrial control, system access, power grid infiltration. The main goal of an APT is to cause damage, collect classified data, and disrupt the infrastructure of the targeted country.

The danger with APTs is that there is no ceiling for their activities and no point where they will quit. They have the backing of their country’s government and, no matter how many times they fail to breach a network, they will continue trying. They don’t just stop at ground level, either; they will continue to exploit weaknesses to the maximum degree possible. They aren’t in it for the money, and that makes them even more dangerous.

Hackers using APTs have the time and patience to wait. They run malware that infects slowly, over a period of days, weeks, and even months and years. These sneaky attacks can go undiscovered for long periods of time, maximizing damages and losses.

State sponsored funding means unlimited resources and spending for these bad actors. These aren’t just a few widespread hacking attempts; APT is a form of targeted cyber warfare. In kinetic warfare, the rules of engagement are clear. Weapons are used, casualties are amassed, and everyone understands the rules whether they choose to play by them or not. Cyberwarfare, however, is far more subtle. There are no sanctions against these countries for cybercrime, and no rules apply in this game.

Cybersecurity insurance can frequently refuse to pay for damages caused by APTs because they don’t cover “acts of war.” This leaves MSPs even more exposed and vulnerable to fallout of an attack on their own networks.

Promises, Promises

Promises have been made and broken by many nations. In 2015, China signed a treaty with the United States, claiming it would stop engaging in espionage and other invasive cyber activities. Far from stopping, however, China’s APT10’s hacking attempts have continued and gained momentum.

North Korea is one of the few countries who use cyberwarfare for monetary gains only. North Korea uses the money it receives from cyberattacks to continue to fund its nuclear weapons programs. Following negotiations in 2017, North Korea promised to stop nuclear testing. Not only did they continue to test nuclear weapons, they have also ramped up cyberwarfare in the United States. 

Integris recognized APTs as the most dangerous form of cybercriminal activity and has been working on ways to protect itself and its clients from these, and all other, hacking activities.

Cybersecurity Insurance Companies Have Found a Loophole

Many businesses rely on cybersecurity insurance to help them recoup losses and pay for damage control following a breach. The reality of these policies is sobering:

Cybersecurity insurance can refuse to pay for damages caused by APTs because they don’t cover “acts of war.”

This loophole is like a home-owner’s insurance that refuses to pay for flooding; small to medium-sized business decision makers are encouraged to read the fine print before signing up for any cybersecurity policy.

Businesses who have been exposed by an MSP breach have no guarantee that their insurance will pay the claim, leaving MSPs even more vulnerable to financial fallout and lawsuits following an attack on their own networks.

Your MSP’s Responsibility to Your Business

Ryan Weeks, Chief Information Officer at Integris’s partner, Datto, has stated:

“There are steps that MSPs can and should take today to shore up defenses against such future attacks.”

He goes on to explain, “Scrutinizing their own credential management and authentication as well as network connectivity and remote access by all users is the first place MSPs must start.”

Integris Protects Itself to Protect You

Integris has developed a mindset that MSPs should live in a state of “high alert.” As Matt Lee explains, “We need to live in a world that believes we are already compromised, and act accordingly.”

To Integris, none of this is “news.” We’ve been aware that MSPs are under attack for years, and we have actively been taking actions to protect our clients.

Some ways Integris is protecting itself and its clients include:

Separation of Powers

The person who creates the accounts is not the same person who will protect them. This removes the potential of infiltration at a single source.

End to End Encryption

Integris not only teaches clients the value of encrypting devices, we also make sure every device we have is always encrypted.


Integris routinely conducts full-blown simulated attacks to test personnel and our own network’s readiness in the face of a real attack. We also send random phishing attempts to employees to gauge their ability to avoid email attacks, which is the most common source of malware in any business.

Improving and Seeking Compliancy

Integris constantly seeks to meet and exceed all compliancy expectations.

Security is the Top Focus: We believe the best defense against an attack is to make sure it never happens in the first place. We are constantly evolving our cybersecurity, with platforms like our two-tiered protection, Iconic Fortify.

Building Our Own Toolsets

Integris builds its own toolsets from the ground up, removing the risk of infected software.

Multifactor Authentication

For Integris employees, multifactor authentication isn’t an option, it’s a requirement.


This virtual perimeter limits access to digital assets.

Third-Party Security

Integris has a separate entity that is responsible for our cybersecurity. In other words, we outsource our company’s cybersecurity to an outside MSSP for an extra layer of protection for our company and our clients.

Constantly Looking for the Next Security Evolution

Integris is a partner to many third-party vendors in the industry and is actively shaping the way these vendors provide their services. Integris asks both fellow MSPs and third-party vendors, “How can we be better?” We understand that in today’s cyberthreat landscape, we must all work together to bring our clients the solutions they need while protecting ourselves. Our thought leaders are constantly working with others within the industry to develop new solutions and better ways to provide them.

Matt Lee is proud of the fact that Integris has so many layers of protection surrounding itself in a world where MSPs are under attack. “We are doing more than any other IT company in the industry to protect ourselves, and our clients, to date.”

MSPs Are Under Attack: Can Your Current MSP Stand Up to The Challenge?

Integris understands the threats against Managed Services Providers. We were among the first to recognize that MSPs are under attack, and to develop strategies to protect ourselves and our clients.

Integris doesn’t believe in skimping on coverage for our clients. Unlike most MSPs that offer bare-bones services, we have plans as vast as the national parks they are named after. To us, anything else is underserving. We give you have the guidance and supplies you need, like a park ranger helping you through the forests and mountains of your IT issues and needs.

Can your current MSP stand up to the challenge of cyberattacks on its own infrastructure? Remember, your IT solutions are only as strong as the company backing them.

Contact us for a free, no-obligation consultation today and let us show you how strong strategies protect us so we can better protect you.

[sc name=”blog-cta-cybersecurity3″]

We're Integris. We're always working to empower people through technology.

Keep reading

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...

Hot Topics for Cybersecurity in 2024

Hot Topics for Cybersecurity in 2024

As we go into 2024, Cybercrime now accounts for $8 Trillion US dollars—enough to make it the third largest "economy" after the US and China.   As scary as that number is, it is the downstream effects of Cybercrime that are so serious. Hacked businesses experience the...

How to Navigate the Cybersecurity Workforce Shortage

How to Navigate the Cybersecurity Workforce Shortage

Cybersecurity stats are in for 2023, and the numbers aren’t pretty. Ransomware attacks are up by 95 percent over 2022, according to the latest analysis by Corvus, a cyber risk insurer. With the inevitable rise in attacks coming in election year 2024, it’s enough to...