On June 12th, 2020, the US Secret Service sent out an alert that warned the US private sector and government organizations of Managed Service Providers (MSPs) being hacked at an increased rate. Many of these attacks use the MSP’s server component to gain full control of their software clients. A majority of the hacks of MSPs were used to carry out Business Email Compromise (BEC) scams, ransomware attacks, and attacks against Point-of-Sale systems (POS). MSPs have become a popular target in recent attacks that were carried out by the notorious ransomware operators GandCrab and REvil and then used to go after the MSP’s clients. While no numbers can be confirmed, Kyle Hanslovan believes the number of MSP hacks in 2019 could be “well over 100.” This is actually the second alert warning of attacks against MSPs sent out over the past two years. The National Cybersecurity and Communication Integration Center (NCCIC) sent an alert out in 2018 warning of state-sponsored actors carrying out attacks against MSPs–especially those that offer cloud-based services.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in