Stumbling into Compliance, ESG, and Threat News

IT channel and business news with a focus on regulatory compliance.

🖥️ More MSPs are Stumbling into Compliance

Managed Service Providers (MSPs) are facing a significant shift in client expectations. What began as requests for technical support and infrastructure management has evolved into demands for comprehensive compliance solutions. Many MSPs find themselves unprepared for this transition, lacking the specialized knowledge and tools needed to effectively address regulatory requirements like HIPAA, SOC 2, CMMC, and others. However, with the right approach and tools, IT providers can successfully expand their service offerings to include compliance without overwhelming their teams or compromising quality.

✅ Integrating Sustainability into Corporate Strategies

Environmental, Social, and Governance (ESG) compliance has become a topic of heavy discussion in 2025. As regulatory frameworks change and stakeholder expectations adjust with social and political movements, organizations are examining how embedding ESG principles into their operations can affect sustainability, transparency, and ethical governance. In this article, we’ll take a broad, overhead look at ESG compliance, its challenges, and actionable strategies for businesses.

🤔 Reader Poll!

What PSA would you like to see add a seamless Compliance-as-a-Service feature?

⚒️ Have You Used Your Free Trial of Blacksmith?

Blacksmith Infosec offers a free trial of their compliance management platform, giving users 30 days to explore the tool. If you’ve already signed up, we recommend configuring your NFR to get the full experience as both a user and an admin.

If you have questions about getting started, simply email [email protected] for white glove assistance!

(If you haven’t signed up for your free trial, there’s no better time than now!)

⚠️ Threat Updates

🔴 Tax-Themed Phishing Campaigns (4/7/25)

Microsoft has identified a surge in phishing attacks exploiting tax season. Threat actors use PDFs, QR codes, and fake DocuSign pages to deliver malware, including BRc4, Latrodectus, Remcos RAT, AHKBot, and GuLoader. These campaigns primarily target U.S. sectors like IT and consulting, so we should all be extra vigilant!

🔴 Hunters International’s Shift to Data Extortion (4/4/25)

The ransomware group Hunters International has rebranded as "World Leaks," focusing solely on data extortion rather than encryption-based attacks. Since its emergence, this ransomware gang has claimed over 280 attacks against organizations worldwide, making it one of the most active ransomware operations. Using custom exfiltration tools, they target sensitive data from organizations globally, including past victims like Tata Technologies, AutoCanada, and the U.S. Marshals Service.

🗨️ Parting Words

“One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man.” — Elbert Hubbard (Author)

Are you a vCISO or MSP looking to streamline compliance management? We invite you to try Blacksmith, the channel’s fastest-growing tool for Compliance-as-a-Service!