Several major security agencies of the world, including the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the U.S. CISA, the FBI, the NSA, and the U.K NCSC, have released a second alert within a week, regarding an increase in attacks on Managed Service Providers (MSPs).
What’s the threat to MSPs?
The joint Cybersecurity Advisory (CSA) by the members of the Five Eyes intelligence partners states that malicious cyber actors, including state-sponsored APT groups, are eying MSPs to exploit provider-customer network trust relationships.
- The MSPs covered under this advisory include cyber security services, Infrastructure as a service (IaaS), Platform as a service (PaaS), and Software as a service (SaaS) providers, as well as providers of process and support services.
- Threat actors are using a vulnerable MSP as an initial access vector to multiple victim networks (on-premises or externally hosted).
- After compromising a service provider, they can attack its customers to conduct ransomware or espionage activity throughout the provider's infrastructure with globally cascading effects.
Recommendations by agencies
In addition to the warning, the advisory provides tactical actions for MSPs and their customers to implement a baseline of security measures to reduce their risk of falling victim.
- The ACSC, CCCS, CISA, FBI, NSA, and NCSC-UK recommend MSPs and their customers defend against brute force attacks, password spraying, and phishing techniques to mitigate these attack methods.
- MSPs and their customers should improve the security of vulnerable devices, protect internet-facing services, and enable/improve monitoring and logging processes.
- Enforcement of MFA, internal architecture risks management, and segregation of internal networks can be helpful for MSPs and their customers.
- Additionally, end customers should ensure that their MSPs have sufficient security controls in place via the contractual arrangement and address any security requirements that fall outside the scope of the contract.
Summing up
Although there are no known trigger points for such an advisory coming from so many major security agencies, attacks on MSPs do have a huge impact on their customers' networks and may lead to devastating consequences. Therefore, MSPs are suggested to follow modern cybersecurity best practices to prevent cyberattacks, safeguard their customers, and enhance their corporate security.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_541381777.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/5dbf_shutterstock_1680058582.jpg)
