Major APT group is targeting MSPs – Are you prepared?

Print Friendly, PDF & Email

Despite the time managed service providers spend talking to their customers about the importance of security and teaching them to follow security best practices, many MSPs don’t practice what they preach. And that could be a big problem. 

According to a recent report from PwC UK and BAE Systems, a China-based hacking group known as APT10 has been conducting a sustained campaign targeting MSPs, and the group has significantly stepped up its activity since mid-2016.

“APT10 has vastly increased the scale and scope of its targeting to include multiple sectors, which has likely been facilitated by its compromise of MSPs,” the report states. “Such providers are responsible for the remote management of customer IT and end-user systems, thus they generally have unfettered and direct access to their clients’ networks. They may also store significant quantities of customer data on their own internal infrastructure. MSPs, therefore, represent a high-payoff target for espionage focused threat actors such as APT10.”

It’s time improve your own security

Unfortunately, many MSPs still do the bare minimum for security. Being an MSP can be sort of like being a firefighter. You’re always running around putting out fires for your customers, but your own house could burn down while you aren’t paying attention.

The reality is MSPs usually won’t take action to improve their own security practices until after they’ve been hit a few times. One trend I’ve noticed recently, though, is more MSPs starting to use password management tools. That’s a step in the right direction, but it’s not enough.

MSPs need to understand the damage a breach like this could do to their organization’s reputation. Strengthening your security posture takes time, effort, and investment, but it will be a much more difficult process if you’re also trying to regain your customers’ trust because a breach of your network caused their data or their systems to be compromised.

Here are actions you can take now to protect your MSP: 

  • Standardize security policies and procedures. Security procedures only work if everyone in the organization is following them. 
  • Train employees on an ongoing basis. Whether they’re a technician or a sales rep, everyone in your organization should be up to date on recent threats and attacks so they can educate customers, answer their questions, and help protect customers’ networks effectively.
  • Take a layered approach to security, including email security with advanced threat protection and a next-generation firewall.
  • Get to know the ins and outs of the products and services you’re offering. It’s important to understand where protection starts and stops with each tool so you can make sure they’re implemented effectively, both for your customers and your MSP.

In the end, it boils down to needing to be your own best customer. “Don’t ask a business to implement something if you haven’t done so yourself,” wrote Chris Johnson of Wheelhouse IT in a recent post on the Intronis MSP Solutions by Barracuda blog. 


Neal Bradbury is the Co-Founder and Vice President of Channel Development at Intronis. Connect with him on LinkedIn here.Connect with him on LinkedIn here

Scroll to top