Are The Russians Coming for MSPs?



The Russians Are Coming, The Russians Are Coming was a 1966 movie that was part war film, part comedy, which I agree is a bit of a bizarre cinematic direction. In 1966 it was unthinkable for the American population to believe a Soviet submarine would or could run aground in New England and the Soviets would invade, but fast forward to today and the Russians are everywhere! If you operate in the cybersecurity world, you fully understand the constant attacks by Russian state-sponsored cyber criminals. The massive attack on SolarWinds and massive breaches of US federal agencies were attributed to Russian cyber criminals. In fact, according to Microsoft’s Digital Defense report, “over half 58% of all cyberattacks from nation-states have come from Russia.” These criminals overwhelmingly target the United States, as well as the UK. But let’s not give Russia and their neighbors all the credit: North Korea, China, Iran and Vietnam are major adversaries in this battle.


It's no secret that the Covid pandemic forced entire workforces to work remotely, which provided enormous opportunities for cybercriminals. While industry trends have been moving towards the use of Managed Service Providers (MSPs) for years, the pandemic certainly increased the movement of operations to MSPs and cloud services. Criminals of all sorts are good at identifying and exploiting vulnerabilities, so it’s not surprising that MSPs are and will continue to be an area of opportunity for these scoundrels. Security has always been the top priority for MSPs, but given the increased focus from cybercriminals and the recent breaches we have witnessed, we have to go on offense in both our capabilities and vigilance.


Hacking into a single organization takes time, diligence and money, so why not spend those efforts on attacking MSPs, where access can serve up dozens of organizations at the same time? MSP Alliance, “the world’s largest industry association (and certification body for cloud computing and managed services professionals),” correctly recognizes that for many reasons, “MSPs find themselves as the front line of defense in the global war against cyberattacks and cybercrime.” These attacks give access to both the MSP's network and its clients. We also need to recognize that solutions need to be holistic and cannot depend on the MSP's security apparatus alone; security postures need to include the MSP's supply-chain vendors. A scary trend is the direct compromise of software by malware during development and deployment, before it reaches a customer such as an MSP. Software supply-chain attacks are worrisome for everyone, especially MSPs, given the possible “ripple effects across the MSP's entire ecosystem, springboarding into networks of their customers.”


Case in point: we recently received a call from a small accounting company that had incurred an attack or, to be more precise, their MSP had incurred the attack. Their clients’ data was compromised, encrypted, and, you guessed it, being held for ransom. This is the last thing an accounting firm needs at the end of the calendar year!


There are many reasons a company decides to hire an MSP to manage and secure their IT environment, but the most common reason we see is that they have simply outgrown their ability to manage it themselves. Many organizations start by building and managing their own environment, primarily because it was necessary for the business to be operational. They either staff the responsibility with one IT person or, in some cases, assign a staff member whose primary role is not IT-centric but who is “good with computers.” In most cases the IT environment has been pieced together with the sole focus of just running the business.


Considering that technology seems to change by the hour, running an effective and secure IT environment cannot be a part-time gig. Fast forward to the decision to move to an MSP. We see the above scenario frequently. Taking into consideration what may be described as a piecemeal approach to developing and managing a company IT environment, what risks is the MSP assuming by bringing this into their environment? What if a hacker already has persistent access to the client systems? What if client information and accounts have already been shared across cybercriminal groups? Is the MSP now inheriting a compromised environment? And more importantly, is the MSP now inheriting the responsibility and liability for a breach? How often is a security assessment performed to identify the previous and current security posture prior to onboarding into the MSP environment?


Innovation Orange’s MSP Onboarding Assessments have proven extremely valuable by uncovering existing vulnerabilities that were remediated prior to migrations to MSP environments. We identify and document the overall security posture and technical controls of the environment and provide recommendations to the MSP. Our service gives an MSP valuable insight, allowing them to take an eyes-wide-open approach to migrating new clients into their management ecosystem, and is designed to reduce the risk to the new client, the MSP, and their existing clients.

Please give us a call and let us help you be more secure in an ever-crazy world!!


Ken Runkles

Managing Partner

Innovation Orange, LLC

ken@innovationorange.net

(540) 999-4373


Innovation Orange, LLC is a Small Business Administration certified HUBZone and Virginia SWaM certified company. It is a Managed Services Provider that specializes in technology solutions such as network design and operations, and in cybersecurity solutions for businesses and government agencies.


[i] SingCERT article published on August 05 2021