{"id":11898,"date":"2025-05-20T16:09:38","date_gmt":"2025-05-20T15:09:38","guid":{"rendered":"https:\/\/mspglobal.com\/blog\/?p=11898"},"modified":"2025-05-20T16:09:40","modified_gmt":"2025-05-20T15:09:40","slug":"msps-cyber-attack-and-security-improvement","status":"publish","type":"post","link":"https:\/\/mspglobal.com\/blog\/msps-cyber-attack-and-security-improvement\/","title":{"rendered":"Why MSPs are Under Cyber Attack and How to Improve IT Security"},"content":{"rendered":"\n

Would you be able to pay a \u00a33m (\u20ac3.5m) fine for poor cybersecurity? That\u2019s how much a UK-based MSP had to pay for failing to protect its client\u2019s data. And even if you could pay it, what damage would be done to your reputation? <\/p>\n\n\n\n

That colossal fine followed a ransomware 2022 attack in which hackers breached the systems of National Health Service software provider Advanced Computer Software via a customer account that did not use multi-factor authentication (MFA). Personal information belonging to 79,404 people was stolen\u2014including details of how to enter the homes of people receiving care at home. <\/p>\n\n\n\n

That\u2019s just one example of the thousands of attacks that are taking place every day. So why are MSPs under increased attack, and what can they do about it?<\/p>\n\n\n\n

MSPs: Cyber Targets and Defenders<\/h2>\n\n\n\n

In the escalating war over digital infrastructure, MSPs have become both guardians and targets. As stewards of IT environments for countless businesses, MSPs hold the keys to networks, data, and Cloud environments across multiple sectors. <\/p>\n\n\n\n

Ironically, the business model of an MSP is what makes it so attractive to the bad guys. MSPs typically maintain remote access, admin-level privileges, and integrated tooling across client environments. This centralized control creates a great opportunity for cybercriminals and explains the increase in \u201chub and spoke\u201d attacks. <\/p>\n\n\n\n

The relatively small size of most MSPs is another factor driving this increase in attacks. Go after a multinational, and not only will you have to combat high levels of IT security, but if you succeed, you are likely to be pursued by the authorities. Attack a small or mid-sized MSP, and the repercussions are likely to be less extreme.<\/p>\n\n\n\n

The Double Cyber Threat for MSPs: RaaS and AI<\/h2>\n\n\n\n

MSPs rely on multiple \u201cas a service\u201d software platforms, and\u2014even more ironically\u2014so do the cyber criminals who target them. LockBit has been at the forefront of this activity, giving access to bad players worldwide. It may have been slowed down by law enforcement activity (and was recently hacked itself) but LockBit\u2019s model proves that ransomware-as-a-service (RaaS) is here to stay\u2026 and the bad guys are saying, \u201cAdd to Cart\u201d. <\/p>\n\n\n\n

AI is accelerating the speed and scale of cybercrime against MSPs. A major US security provider saw more attacks in January 2025 than in the two previous years combined, and the arms race between AI as offense and defense will continue to escalate.<\/p>\n\n\n\n

RMM Vulnerabilities and Other Attack Methods<\/h2>\n\n\n\n

Remote Monitoring and Management (RMM) is central to the MSP offer. It also has the potential to provide access to a network of client systems and data. Attackers can exploit vulnerabilities in RMM software to map networks, move laterally and potentially exfiltrate data or deploy ransomware.<\/p>\n\n\n\n

In 2021, the clients of 50 MSPs were targeted following a breach of the Kaseya platform. That incident shook the industry, and while Kaseya highlighted that only a fraction of its customers were affected, we can see how one attack can snowball through the supply chain of MSPs and the businesses they serve.<\/p>\n\n\n\n

Other common attack methods include:<\/p>\n\n\n\n