Managed service providers (MSPs) have long relied on third-party software to manage clients’ IT infrastructure, but a massive ransomware attack launched over the weekend at customers of Kaseya will likely cause MSPs to take a harder look at the security of their IT suppliers. Kaseya revealed late Friday night that a zero-day vulnerability in its VSA on-premises servers resulted in 60 clients being directly compromised, impacting a pool of 1,500 downstream businesses. After a series of highly publicized ransomware attacks this spring, the Kaseya attack most resembles the compromise of SolarWinds in late 2020. Like SolarWinds, both companies serve large B2B audiences, where Kaseya’s products produce hundreds of end products and services. And therein lies why third-party and supply chain attacks are so daunting. Instead of targeting a single company, threat actors attacking broadly used IT tools like Kaseya or SolarWinds can infiltrate an umbrella of companies. Kaseya’s access to a network of SMB IT vendors and managed service providers (MSP) is a dangerous prospect in malicious hands.