Content, Breach, Content

MSPs a Favored Target of Supply Chain and Infrastructure Attacks, ConnectWise Reports

Credit: Getty Images

All managed service providers (MSPs) need a digital presence, ConnectWise asserts in a new study, but doing so leaves them open to all manner of hacking and “system infiltration” attempts.

With the backdrop of increasing cyberattacks on supply chains, ConnectWise’s cyber research unit analyzed some 440,000 incidents that impacted MSPs and their clients. They identified the top five ransomware variants used to target MSPs in 2022 and some of the biggest vulnerabilities impacting MSPs. They then used this data to make predictions about upcoming trends about that MSPs should be made aware.

The report also provides an analysis of the major MSP-related security events and trends from the past 12 months, alongside predictions for the year ahead.

“All this time spent in cyberspace leaves businesses vulnerable to an onslaught of hacking and system infiltration attempts. Unfortunately, most businesses consider cybersecurity an expense, not an investment. These organizations would rather put money to use elsewhere than protect their most important asset—their data,” ConnectWise said in its MSP Threat Report.

Many small- and medium-businesses (SMBs) believe they don’t need advanced security because they think they’re not a preferred target by hackers. However, “it doesn’t matter what size your business is, everyone is a target. And attackers often go after the low-hanging fruit—those without advanced protection or dedicated cybersecurity staff, which is more characteristic status quo for SMBs,” ConnectWise said.

Research in Detail

Here are some of the findings:

  • When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks, more than transportation, non-profits, construction, education and real estate.
  • Measured by the business sector, manufacturing far outpaces other sectors.
  • No country has close to the number of ransomware hacks as does the U.S.
  • Lockbit led among the most prolific ransomware hijackers targeting MSPs, followed by Cl0p. Lockbit is responsible for 42% of all attacks on MSPs while Cl0p executed on 11%.
  • Hive is responsible for 6% of all ransomware incidents directly targeting MSPs in 2022.
  • Mount Locker/Dagon/Locker/Quantum Locker is responsible for 6% of all ransomware incidents directly targeting MSPs in 2022.
  • Conti, which is no longer in operation, was responsible for 4% of all ransomware incidents directly targeting MSPs in 2022.

ConnectWise Makes its Predictions

ConnectWise’s researchers offered four cybersecurity predictions for MSP in 2023 and beyond:

  • MSPs will remain the target of supply chain and critical infrastructure attacks. As a result, many MSPs themselves will look to an outside partner with the right expertise to start strengthening their cybersecurity posture.
  • Zero trust network architecture is critical for MSPs. The most vulnerable MSPs are those without zero trust network architecture (ZTNA), which is why governments worldwide will continue to expand their programs to require ZTNA from their vendors.
  • Leveraging threat intelligence research and inter-organizational collaboration is essential for MSPs. Understanding current threats can help MSPs prioritize their time and efforts on what will have the most significant impact on their networks and those of their clients.
  • Specialized cybersecurity training will increase across the industry, but ramp-up will take time. While diversified skill sets have worked thus far for MSPs, evolving threat landscapes is best addressed with cybersecurity specialists.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.