Government agencies warn of increase in cyberattacks targeting MSPs


Today, multiple government agencies worldwide, including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the NSA, in partnership with the U.K.’s National Cyber Security Center (NCSC-UK), the Australian Cyber Security Center (ACSC), the Canadian Center for Cyber Security (CCCS) and the New Zealand National Cyber Security Center (NZ NCSC), released an advisory warning of threats targeting managed service providers (MSPs).

As part of the advisory, the agencies warned that they expect “state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.” 

The potential for an increase in attacks on MSPs and supply chain threats means that organizations need to be prepared to closely manage relationships with third-party providers and ensure that there are no security vulnerabilities.  

Securing the supply chain 

The advisory comes as organizations and service providers struggle to mitigate supply chain threats, most notably with the SolarWinds and Kaseya breaches, which led to the compromise of more than 1,100 downstream organizations. 

At the heart of the challenge is that many providers and executives have lacked the incident response capabilities to react to incidents in time, with 66% of suppliers in successful supply chain attacks not knowing or failing to report on how they were compromised. 

If the announcement is correct, then organizations need to drastically rethink how they manage relationships with third-party suppliers.  

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support — why it’s critical that MSPs and their customers take action to protect their networks,” said Jen Easterly, director of CISA.

In practice, that means taking a more proactive approach to finding risks.

“Enterprises must focus on implementing zero-trust and increase active threat hunting, especially across networks and endpoints which are accessed by MSPs,” said Tom Kellermann, former cybersecurity commissioner for the Obama administration and head of cybersecurity strategy at VMware.

Kellermann believes the Russia-Ukraine war will drive the increase in these attacks as Russian cyber-spies use supply chain strategies to deploy destructive malware across entire customer bases of MSPs.

Improving security posture against supply chain threats 

With supply chain threats on the rise, the advisory recommends enterprises take steps to mitigate risks in the supply chain. 

In particular, the advisory says that MSP customers should review their contractual arrangements with providers to ensure that the MSP will implement a set of specific security measures and controls. 

These controls include implementing mitigation resources to protect against compromise attack methods, enabling monitoring and logging, implementing endpoint detection and network defense monitoring, ensuring secure remote access applications and deploying multifactor authentication.

It also states that MSPs should develop and implement incident response and recovery plans that break down the roles and responsibilities of stakeholders within the organization.

In addition to these controls, Kellermann recommends that enterprises apply micro-segmentation, deploy active application control, expand weekly threat hunting to include shared networks and services, apply just-in-time administration and ensure all backups are viable.

Originally appeared on: TheSpuzz