Cybercriminals Are Attacking MSPs – And Defense Depends On Remote Workers

By Frances Dewing, CEO Rubica Cybersecurity

On June 12, 2020, the US Secret service issued an alert warning that MSPs were a prime target for cybercriminals. It’s not a surprising move for the current-day con artist. Attacking MSPs, of course, allows any infection to spread simultaneously to many companies at once.

Cybercriminals are targeting MSPs

Here’s how the attack strategy works: criminals hunt the MSP as the node for multiple types of attacks against their customers. These attacks include compromise of payment systems, email systems, wire transfer fraud, and ransomware. By their very nature, an MSP often has the keys to the kingdom: admin access to all the technical infrastructure, data, and systems of their customers. If your MSP is compromised then that tunnel provides an attacker with full visibility and control over all your customers. It’s a devastating level of access for a hacker to have.

Hackers are hunting remote workers

MSPs were in the crosshairs already, but the increase in remote working makes them more of a target. In recent months Evil Corp, a Russian cybercriminal gang, started targeting American remote workers with ransomware. They watch which users use a corporate VPN, then wait until the employee toggles off the VPN for normal browsing to infect the machine, only deploying the malware once the user reconnects to the corporate VPN. The corporate VPN becomes the vehicle into the company ecosystem to spread the malware.