FBI, CISA, and NSA warn of hackers
increasingly targeting MSPs
source: bleepingcomputer.com, contributed by FAN Steve Page | image: pixabay.com
Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks.
Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.
“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.
“For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP’s customer base.”
FVEY cybersecurity authorities have issued other advisories [1, 2, 3, 4] across the last several years with general guidance for MSPs and their customers.
However, today’s advisory comes with specific measures on securing sensitive information and data via transparent discussions centered around re-evaluating security processes and contractual commitments to accommodate the customers’ risk tolerance.
A quick rundown of the most critical tactical actions that MSPs and their customers can take includes:
- Identifying and disabling accounts that are no longer in use.
- Enforcing MFA on MSP accounts that access the customer environment and monitoring for unexplained failed authentication.
- Ensuring MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.
“We know that MSPs that are vulnerable to exploitation significantly increases downstream risks to the businesses and organizations they support,” CISA Director Jen Easterly said.
“Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”
One year ago, the UK government announced a call for advice on defending against software supply-chain attacks and ways to strengthen the cybersecurity defenses of IT Managed Service Providers (MSPs) across the country.
The move came after President Biden had issued an executive order to modernize the United States’ defenses against cyberattacks following the SolarWinds supply chain attack and the DarkSide ransomware attack against Colonial Pipeline, the largest US fuel pipeline.