Not to sound apocalyptic, but there is no shortage of threats targeting MSPs. In fact, hackers love to target MSPs because gaining access to MSPs’ data is like gaining access to their clients’ data too. It’s a huge win for threat actors. According to ethical hacker and founder of AdaHop Cyber Security, Kevin Zwaan, MSPs are operating at a disadvantage when it comes to protecting themselves. But not to worry, he has some advice for you.
Although self-described as a hacker, Zwaan shared his insights at a recent GTIA Benelux Community meeting to help MSPs better prepare for what he believes is an inevitable cyberattack. And what he had to say was eye-opening.
“Cybersecurity is no longer about waiting for threats to knock on your door; it’s about understanding exactly how they’ll try to break it down,” he said. His message was loud and clear from the start. Every company is at risk. You just need to understand how those risks may impact your business.
Expectations vs. Reality
Zwaan discussed one client who approached him when his cybersecurity business was still fledgling. The client asked him to hack into a standalone data center and drop a packet onto his network where it would go unnoticed, but he had to do this without any external media or USB drives. The client expected failure.
Zwaan’s team exploited a four-decades-old vulnerability and completed the challenge. His point? The client expected them to fail, but in reality, they succeeded. He cautions that expectations will ultimately position you for failure in real life.
“Hackers never do what you expect. Why would we? Time does not matter to us. We can replicate, test, debug, rinse and repeat until we succeed,” he says.
He encourages MSPs to remember some basic rules about threat actors:
- Hackers never do what you expect
- Time isn’t a factor for threat actors
- Hackers can keep trying until they succeed
- Security only changes after an incident, allowing threat actors to continue to exploit vulnerabilities using a single project
- Hackers have a large community powered by infinite knowledge
“There’s always someone who knows something in our community. When was the last time you had a thousand tech-savvy minds at your disposal? Exactly, never,” he said.
Real threat actors don’t infiltrate systems in ways you might expect but instead find alternate ways to access your data. “I want to get a message across that’s really important. There is a discrepancy between expectation and reality. The reality is that there are packets on 70% of servers out there,” he said.
While companies are consistently warned about social engineering, hackable passwords, overlooked firmware updates, free honeypots and fake invoices, real threat actors are actually using more sophisticated approaches such as weaponized trojan payloads within machine-learning models, DevOps pipeline hacks and trojanized collaboration tools.
What Makes MSPs Prime Targets
MSPs are at higher risk for cyberattacks for multiple reasons, Zwaan said:
- Infiltrating an MSP allows hackers to target the supply chain
- Exploiting trusted updates and remote management tools gives threat actors access to large-volume targets
- Infiltrating an MSP allows hackers to obtain high-level credentials and broad network visibility
- MSPs often prioritize operations over cybersecurity, creating exploitable gaps in their defenses
- Hacking an MSP opens up access to diverse data targets, including healthcare, government and finance, among others
If a hacker is able to infiltrate an MSP, they get so much more than one company’s data. They get access to all the companies that MSPs have as partners. Zwaan wants MSPs to know that infiltration is almost guaranteed. “We’re not going to knock on the front door. We are in your stack and you won’t ever see it or know it’s there,” he said.
How MSPs Can Evolve Their Defenses
Despite the seeming inevitability of an impending attack, Zwaan sees hope on the horizon. He offers tips for how MSPs can evolve their defenses and recommends the following:
- Attestation-backed payloads
- Homomorphic encryption for customer data
- Context-aware honeypots
- Canary tokens with advanced payload triggers
- Server bootstrapping via HSM-based keys
- Clear RACI matrix for crisis management
- Ephemeral infrastructure and immutable deployments
- Language-model intrusion prevention
- Decentralized identity for vendors
In addition to these cybersecurity enhancements, Zwaan recommends befriending a hacker. “I really think you should learn about hackers and take advantage of our ideas. This 1% can help you uncover 99% of things that you don’t know yet,” he said. “Talk to a hacker, not a criminal hacker, just a guy who spends his whole day tinkering on his Nintendo Switch. Get to know us as a community, I assure you’ll learn something new every day.”