Government Agencies Warn of Rise in Cyber Attacks Targeting MSPs
Today, several government agencies around the world, including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA, in partnership with the United Kingdom’s National Cyber Security Center (NCSC-UK), the Australian Cyber Security Center (ACSC), the Canadian Center for Cyber Security (CCCS) and the New Zealand National Cyber Security Center (NZ NCSC), issued an advisory warning of threats targeting managed service providers (MSPs).
As part of the advisory, the agencies warned that they expect “state-sponsored Advanced Persistent Threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against networks of suppliers and customers”.
The potential for increased attacks against MSPs and supply chain threats means organizations must be prepared to closely manage relationships with third-party vendors and ensure there are no security loopholes.
Securing the supply chain
The advisory comes as organizations and service providers struggle to mitigate supply chain threats, including the SolarWinds and Kaseya breaches, which led to the compromise of more than 1,100 downstream organizations.
At the heart of the challenge is that many suppliers and executives lack the incident response capabilities to respond to incidents in time, with 66% of suppliers who experienced successful supply chain attacks not knowing or not reporting how they were compromised.
If the announcement is correct, then organizations must radically rethink how they manage relationships with third-party vendors.
“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support. That’s why it’s critical that MSPs and their customers are taking steps to protect their networks,” said Jen Easterly, Director of CISA.
In practice, this means taking a more proactive approach to detecting risks.
“Companies need to focus on implementing zero trust and increasing active threat hunting, especially on the networks and endpoints accessed by MSPs,” said Tom Kellermann, former cybersecurity commissioner of the Obama administration and head of cybersecurity strategy at VMware.
Kellermann believes the Russian-Ukrainian war will lead to an increase in these attacks as Russian cyber-spies use supply chain strategies to deploy destructive malware across MSP customer bases.
Improve security posture against supply chain threats
With supply chain threats on the rise, the advisory recommends companies take steps to mitigate supply chain risks.
In particular, the advisory states that MSP customers should review their contractual agreements with vendors to ensure that the MSP will implement a set of specific security measures and controls.
These controls include implementing mitigations to protect against compromise attack methods, enabling monitoring and logging, implementing endpoint detection and network defense monitoring, securing remote access applications and deploying multi-factor authentication.
It also states that MSPs must develop and implement incident response and recovery plans that break down the roles and responsibilities of stakeholders within the organization.
In addition to these controls, Kellermann recommends enterprises apply micro-segmentation, deploy active application control, expand weekly threat hunting to include shared networks and services, apply just-in-time administration and ensure that all backups are viable.