Hackers are targeting MSPs in an effort to infiltrate a large audience all at once without being detected as they hit targets upstream. Synoptek, a California Managed IT Services Provider, was one example of an MSP who got hit with ransomware and paid the ransom to get back online.
MSPs and other types of outsourced IT pose a huge risk to enterprises. These external IT admins typically have very wide access into the crown jewels and infrastructure of their clients, including domain controllers, firewalls, endpoint management software, etc. In many cases, enterprises don\’t force those external IT admins to use secure workstations when accessing their environment. Therefore, if an MSP IT admin gets hacked, the hacker gains access from the admin\’s laptop into sensitive resources of all of the MSP\’s clients (via RDP/VPN, etc). Enterprises must mandate that their vendors use trusted secure workstations when connecting to their environment or they risk being the next Target.