Five Eyes agencies warn of attacks on MSPs

Pierluigi Paganini May 12, 2022

Cybersecurity authorities from Five Eye warn of threats targeting managed service providers (MSPs) and potential supply chain attacks through them.

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. this week released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers.

“The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released joint Cybersecurity Advisory (CSA), Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers.” reads the joint advisory. “The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data.”

The alert provides tactical actions for MSPs and customers, including:

  • Identify and disable accounts that are no longer in use.
  • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
  • Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

MSPs are a privileged target for both, nation-state actors and cybercriminals, that once compromised their infrastructure could ultimately attack the customers’ infrastructure by exploiting their access.

The Five Eyes agencies warn of supply chain attacks targeting MSPs and that could impact their customers, such as the SolarWinds attacks.

Below is the list of recommendations included in the guidance:

Prevent initial compromise

  • Improve security of vulnerable devices.
  • Protect internet-facing services
  • Defend against brute force and password spraying
  • Defend against phishing

Enable/improve monitoring and logging processes

Enforce multifactor authentication (MFA)

Manage internal architecture risks and segregate internal networks

Apply the principle of least privilege

Deprecate obsolete accounts and infrastructure

Apply updates

Backup systems and data

Develop and exercise incident response and recovery plans

Understand and proactively manage supply chain risk

Promote transparency

Manage account authentication and authorization

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, MSPs)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment