MSPs encouraged to tighten up security defences

Managed service providers (MSPs) are all too aware that they are targets for cyber criminals, with the security industry warning them to keep an eye out for Akira and Lynx.

The groups are exploiting VPN vulnerabilities, defence evasion and privilege escalation – to name a few techniques – to get access to MSPs to infiltrate their systems.

Jamie Akhtar, CEO and co-founder of CyberSmart, said that MSPs were a target for criminals because of their position in the supply chain. “MSPs usually oversee sprawling client networks, meaning that a successful attack on a service provider can lead to the infection of hundreds of other businesses, multiplying the extortion potential for cyber criminals. “With Akira and Lynx, we’re seeing this in action as several MSPs have been targeted with these strains of ransomware due to their access to client networks.”

Dray Agha, senior manager of security operations at Huntress, has also been tracking the attacks and noted how MSPs were being targeted. “Ransomware groups like Akira and Lynx are relentlessly refining their attacks, specifically targeting the resource-constrained SME sector with increasingly efficient, recycled tactics like credential theft and various attacks against VPN,” he said.

“At Huntress, in 2025 so far, nearly 60% of all active intruders gained entry via the VPN, using either legitimate stolen credentials or brute-forcing techniques,” he added. “The findings underscore the critical need for all businesses, especially SMEs and MSPs, to rigorously enforce fundamental defences.”

Akhtar agreed that defences needed to be stepped up to prevent MSPs from becoming victims of the cyber attacks: “Fortunately, in both cases, these threats have been around for a while now, so we know how they typically work. The attack usually starts with phishing, escalating to credential theft, lateral movement and vulnerability exploitation. Although new variants can also detect and uninstall security software.

“As a first port of call, MSPs should focus on defending against phishing. Most of the time, if your business can counter phishing scams, you can stop the ransomware from ever entering your network. This takes staff training – run phishing simulations and do it often so your employees get used to identifying suspicious communications,” he added.

He advised MSPs to also improve strict access controls and to be rigorous in patching vulnerabilities to reduce the chances that criminals could exploit those weaknesses. “With these steps, you should be able to mitigate most of the things likely to make your business vulnerable to Akira or Lynx,” he concluded.

Earlier this year, Acronis warned MSPs that they were in the firing line and needed to improve their defences against attacks. Speaking back in March, Candid Wuest, vice-president of product management at Acronis, said that going after MSPs was one of the major trends across the security landscape.

“We see that attackers specifically go after service providers or managed service providers, trying to hijack their infrastructure, because many of those might have 10 to 100 small and medium-sized enterprises that they manage. So, if the attackers get in, there’s a lot of attacking possibilities,” he said.