Cyber criminals are targeting managed service providers (MSPs), companies to which others outsource the administration of their IT infrastructure. Many MSPs also offer network analysis and threat detection services.
MSPs represent an enticing target for attackers due to their use of remote administration tools and the opportunity to instantly gain access to a large number of additional systems—those of the MSP’s client base.
A recent campaign has seen attackers deploying the GandCrab ransomware via a vulnerability in the ManagedITSync plugin, which is used to connect the customer relationship manager (CRM) ConnectWise and remote management software Kaseya, both popular with MSPs.
ConnectWise have since released an updated version of their software, along with advice on how to scan for vulnerable plugin files.
This incident shows, however, the security risk posed by outsourcing IT administration without implementing proper access controls and intrusion detection. Additionally, the use of ransomware in this recent attack reinforces the importance of maintaining proper backups, allowing a business to recover rapidly in the event of a compromise.