Cyberattacks against MSPs are increasing as AI makes threats smarter than ever

During 2025, the threat landscape facing MSPs (Managed Service Providers) has changed rapidly. A new report from the Acronis Threat Research Unit (TRU), compiled by MSP Global, shows how phishing, AI-driven attacks, and so-called supply chain attacks have become everyday occurrences for many IT service providers. In short, attackers have found their way to customers through us.

Phishing remains the most common entry point. According to Acronis TRU, this method accounts for more than half of all attacks against MSPs this year. Fake login pages, AI-generated emails, and manipulated MFA requests are used to infiltrate providers’ systems, often without being detected in time.

The danger lies not only in a single MSP being affected, but in how one breach can quickly spread to dozens of customer environments. Attackers exploit the trust relationship between MSP and customer, making supply chain attacks particularly serious and difficult to stop.

At the same time, AI has become a double-edged sword. Many MSPs today use AI-based tools to detect and handle threats more quickly, but the same technology is also being used by cybercriminals to automate attacks, create convincing phishing emails, and even generate fake voices or videos used in social engineering campaigns. “Even the least sophisticated actors now have access to advanced AI capabilities,” notes Acronis CISO Gerald Beuchelt in the report. “It only takes one mistake for a company to be at risk.”

Although many of today’s threats are new, several attacks still rely on old, unpatched vulnerabilities. Among the most exploited in 2025 are flaws in Cisco IOS XE, SimpleHelp RMM, and Cleo File Transfer - vulnerabilities still being used to deliver ransomware or steal customer data. This shows how important it is to have a consistent patch management strategy and to work with proactive monitoring rather than only reacting to incidents.

To reduce risks, Acronis TRU emphasizes the importance of combining technology with people and processes. Continuous training, recurring phishing tests, and a clear security culture are essential. Zero Trust principles should be fully implemented. No access without verification, not even internally. Customer environments need to be segmented, updates automated, and incident readiness must be an integral part of operations.

It is now of utmost importance for MSPs to truly think security first. As the hub of digital infrastructure, MSPs are both critical partners for their customers and attractive targets for cybercriminals. As attackers become smarter with the help of AI, the defense side must evolve at the same pace. Those providers who invest in security culture, automation, and continuous education will not only protect themselves but also become their customers’ most reliable partners in an increasingly unpredictable IT world.

How MSPs strengthen their protection

Acronis TRU and MSP Global highlight several measures that make a difference:

• Train staff – continuous phishing tests and security workshops.

• Zero Trust in practice – no access without verification, not even internally.

• Segment customer environments – separate data, tools, and roles to prevent spread.

• Automate patching and updates – reduce the window of vulnerability.

• Build active incident readiness – be prepared when (not if) an attack occurs.
  

It’s time to think security first. MSPs are a critical part of today’s digital infrastructure but also an attractive entry point for cybercriminals. As attackers grow smarter with the help of AI, the defense side must evolve at the same pace. Providers who invest in security culture, automation, and continuous training will not only protect themselves but also become their customers’ most trusted partners.

Do you need guidance and support on how to best communicate with your customers? Contact us at Sales@gridheart.se