Managed Service Providers (MSPs) are an important part of the business supply chain, as they provide a wide range of operational and security services and solutions to manage entire client computer networks. It is well established that targeting MSPs may allow attackers to infiltrate their clients' networks.
MSPs on the front line of recent attacks
Threat intelligence from security agencies indicates that hackers are increasingly attempting to attack MSPs.
- Recently, the US Secret Service said that hackers are increasingly attempting to breach MSPs, and then use them as a platform to target their customers, which may include business giants and government agencies.
- Attackers may target point-of-sale systems, or perform business email compromise (BEC) scams, and then deploy ransomware in the internal network infrastructure.
Between January 2019 and October 2019, at least 13 managed service providers were targeted by attackers and used as a platform to push ransomware attacks. This trend has continued in 2020.
- On July 5, a ransomware attack targeted Xchanging, an insurance MSP and a subsidiary of the global IT services and solutions provider DXC Technology, impacting an undisclosed number of customers.
- In February, Ragnar Locker ransomware was observed targeting the enterprise support tools ConnectWise and Kaseya, which are commonly used by MSPs, to prevent the attack from being detected and stopped.
The recent alert
On June 12, 2020, a private industry notification (PIN) was sent to several MSPs, stating that the Global Investigations Operations Center (GIOC) had identified an increase in attacks targeting MSPs, with attackers then using the MSPs' infrastructure to target their clients. The alert also provided some security guidelines, such as frequently patching all software, performing regular audits, and having well-defined service level agreements.