Five Eyes agencies warn of attacks on MSPs

Cybersecurity authorities from Five Eye warn of threats targeting managed service providers (MSPs) and potential supply chain attacks through them.

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. this week released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers.

“The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released joint Cybersecurity Advisory (CSA), Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers.” reads the joint advisory. “The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data.”

The alert provides tactical actions for MSPs and customers, including:

Identify and disable accounts that are no longer in use.
Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

MSPs are a privileged target for both, nation-state actors and cybercriminals, that once compromised their infrastructure could ultimately attack the customers’ infrastructure by exploiting their access.

The Five Eyes agencies warn of supply chain attacks targeting MSPs and that could impact their customers, such as the SolarWinds attacks.

Below is the list of recommendations included in the guidance:

Prevent initial compromise

Improve security of vulnerable devices.
Protect internet-facing services
Defend against brute force and password spraying
Defend against phishing

Enable/improve monitoring and logging processes

Enforce multifactor authentication (MFA)

Manage internal architecture risks and segregate internal networks

Apply the principle of least privilege

Deprecate obsolete accounts and infrastructure

Apply updates

Backup systems and data

Develop and exercise incident response and recovery plans

Understand and proactively manage supply chain risk

Promote transparency

Manage account authentication and authorization

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, MSPs)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.