SMBs Targeted By State-Aligned Actors Through Their MSPs: Proofpoint

A new study by Proofpoint researchers found that advanced persistent threat (APT) actors are increasingly using vulnerable regional managed service providers (MSPs) as a springboard for attacks on the small and medium-sized businesses (SMBs) they service. Once through the MSP’s defenses, the attackers are feeding off the less well-defended SMBs for financial gain.

The report, published this week, found that state-aligned actors from Russia, Iran and North Korea were increasingly using this supply chain approach to breach SMBs’ defenses.

Proofpoint: “Regional MSPs often protect hundreds of SMBs that are local to their geography and a number of these maintain limited and often non-enterprise grade cyber security defenses. APT actors appear to have noticed this disparity between the levels of defense provided and the potential opportunities to gain access to desirable end-user environments.”

David Mitchell, Chief Technical Officer, HYAS, starts off the commentary with this:

   “MSP/MSSPs have been a concern for quite some time, primarily due to the access required into a customer network, along with varying degrees of technical and security expertise on the provider side. Managed services is no longer a high margin business and as such, many MSPs are still utilizing legacy technologies to provide services to their customers, which leaves everyone in that chain exposed.

   “Understanding the security posture of your third-party providers is a difficult, if not impossible, undertaking for small and medium businesses. Until there is a more scalable way of continuously auditing your service providers, the risk fully lies with whether the customer chose a capable MSP or not.”

Roy Akerman, Co-Founder & CEO, Rezonate, adds this:

   “We’ve seen the increased risk around third-party access and supply chain risk increasing for the past few years. The Kaseya VSA software vulnerability used by many MSPs was a key part of distributing REvil ransomware all the way to SMB organizations managed by MSPs. So was the SolarWinds security breach. “Watching-the-watcher” was and will continue to be a focus for organizations who outsource their work externally while always being able to identify who’s doing what and for what reason. Zero trust principles can help tackle and reduce risk by limiting MSPs to only do what they need to and not take the path of a yet-another-superadmin across your network.”

For many small and midsize companies, having someone else remotely monitor and manage their computer network is perceived as a no-brainer. The managed service provider can improve efficiency, reliability, security, and maintenance — all while lowering costs and freeing up IT staff to work on more strategic projects. But there are risks, and this Proofpoint research illustrates that in black and white.
