[TheRecord] Cyberattacks increasing on managed service providers, US and allies warn

Cybersecurity agencies from the Five Eyes intelligence alliance warned on Wednesday morning of increased cyberattacks targeting managed service providers (MSPs).

The agencies from the U.S., U.K., Australia, Canada and New Zealand said to “expect state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.” 

MSPs are companies paid to manage IT infrastructure and provide support. The companies typically provide remote IT services to smaller businesses lacking an IT department.

In July 2021, dozens of MSPs were attacked by the REvil ransomware group through Kaseya, a provider of remote management solutions. More than 1,500 organizations around the world were affected by the ransomware attack, largely through their MSPs’ connections to Kaseya.  

The government agencies said on Wednesday that they are “aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.” The alert does not refer to any specific incidents.

The allies recommend measures MSPs should take to “reduce their risk of falling victim to a cyber intrusion,” such as hardening defenses against password spraying and phishing.

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. 

The alert was co-signed by the FBI, NSA and the cybersecurity centers in the UK, Canada, Australia and New Zealand.

Abigail Bradshaw, head of the Australian Cyber Security Centre, noted that MSPs are “vital” to hundreds of businesses around the world, making them an ideal target for cybercriminals and state-sponsored hackers. 

“These actors use them as launch pads to breach their customers’ networks, which we see are often compromised through ransomware attacks, business email compromises and other methods,” Bradshaw said.  

Managed service providers make attractive targets for malicious actors to scale their attacks. MSPs and their customers should use these recommendations for handling the shared responsibilities of securing sensitive data. https://t.co/pZPluNVLQr

— Rob Joyce (@NSA_CSDirector) May 11, 2022

They all urged MSP customers to make sure their contractual arrangements specify that their MSP implements the measures and controls in the advisory, which included implementing mitigation resources to protect against initial compromise attack methods involving vulnerable devices, internet-facing services, brute force and password spraying, and phishing.

It also urges MSPs to take a range of other actions like enabling monitoring and logging, securing remote access applications, enforcing multifactor authentication, developing incident response and recovery plans and proactively managing supply chain risk across environments.

Canadian Centre for Cyber Security head Sami Khoury tacitly referenced the controversy around Kaseya, noting that they have “seen the damage and impact cyber compromises can have on supply chains, managed service providers, and their customers.”

Khoury added that compromises involving MSPs can result in costly mitigation activities and lengthy downtime for clients.

“Supply chain vulnerabilities are amongst the most significant cyber threats facing organizations today,” said Director of New Zealand’s National Cyber Security Centre Lisa Fong. 

“As organizations strengthen their own cyber security, their exposure to cyber threats in their supply chain increasingly becomes their weakest point. They also need to be prepared to effectively respond to when issues arise.” 

The post Cyberattacks increasing on managed service providers, US and allies warn appeared first on The Record by Recorded Future.
