Hackers are Targeting MSPs to Use as 'Launchpad' for Attacks
International cybersecurity agencies are encouraging IT service providers and their customers to take action to protect themselves from supply chain attacks. Cybersecurity agencies warn that Russia's invasion of Ukraine has increased the risk of cyberattacks against organizations around the world. They also suggest a number of actions that IT and cloud service providers and customers can take to protect networks from supply chain attacks.
In these supply chain attacks, attackers gain access to a company that provides software or services to many other companies. "As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA).
MSPs are a prime target for cybercriminals and nation-state actors because attacking an MSP can lead to additional downstream victims (as we saw with the Kaseya and SolarWinds attacks). The warning comes from the UK's National Cyber Security Centre (NCSC), CISA, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), along with the National Security Agency (NSA), and Federal Bureau of Investigation (FBI).
Historically, nation-state actors have used supply chain attacks to target foreign infrastructure. For cybercriminals, especially those who deal with ransomware, MSPs provide a potential avenue to target hundreds of additional victims with ransomware.
"Managed service providers are vital to many businesses and, as a result, a major target for malicious cyber actors," said Abigail Bradshaw, head of the Australian Cyber Security Centre. "These actors use them as launch pads to breach their customers' networks, which we see are often compromised through ransomware attacks, business email compromises and other methods. Effective steps can be taken to harden their own networks and to protect their client information," she added. The advice was issued on the second day of the NCSC's Cyber UK conference, where several senior figures from the cybersecurity agencies have met to discuss global cyber threats.
Mitigation tips:
Take steps to prevent initial compromise, including:
- Hardening remote access VPN solutions
- Defending against brute force password-spraying attacks by ensuring users use strong passwords
- Ensuring that accounts are defended with multi-factor authentication
Organizations should also make sure they're able to defend against phishing attacks by having appropriate tools in place to filter out spam emails, as well as educating staff on how to detect potentially malicious messages.
It's vital for organizations to monitor their networks and ensure that activity is logged. This can help detect and disrupt suspicious activity and prevent an incident in the first place – as well as making it possible to build a story of what happened if attackers do breach the network. It's recommended that logs are stored for at least six months, because some cyberattacks can take months to detect.
Among other things, it's recommended that IT suppliers and their customers should apply security updates as soon as possible, in order to prevent potential intruders from being able to exploit known vulnerabilities to gain access to the network.
It's vital for suppliers and customers to be transparent about cyber risks, and responsibilities should be clearly defined. For starters, ask this question: "Who is responsible for managing systems securely?" For example, a customer should fully understand that applying security updates from a supplier is their responsibility and they could be at risk of cyberattacks if they don't follow best patching procedures.
This new advisory from the US and its allies highlights why we designed the ThreatAdvice Breach Prevention Platform: it's imperative for MSPs to oversee their customers' cybersecurity, and with the Breach Prevention Platform, we empower MSPs in 5 areas: Detect IT, Manage IT, Learn IT, Reward IT, and Protect IT.
Sources:
https://www.cisa.gov/news/2022/05/1...-advisory-protect-msp-providers-and-customers
https://www.zdnet.com/article/hacke...nies-as-a-launchpad-for-attacks-on-customers/
https://www.bleepingcomputer.com/ne...-warn-of-hackers-increasingly-targeting-msps/