International cybersecurity agencies warned that attacks against managed service providers (MSPs) would continue to increase. Authorities from the US, Canada, Australia, New Zealand, and the UK, including the FBI and the NSA, expect threat actors to keep targeting these services to ‘exploit provider-customer network trust relationships.’
The agencies also suggested several practices that IT providers and their customers could apply to protect themselves. Their statement comes on the heels of another alert in April that Russian-backed hackers could launch further attacks, adding that cybergangs have pledged support to Russia.
State-Sponsored Hackers Targeting MSPs
Cybersecurity agencies from the Five Eyes alliance released a joint advisory on Wednesday about the rising threats against MSPs. Members included the US’s CISA, NSA, and FBI, Canada’s CCCS, Australia’s ACSC, New Zealand’s NCSC, and the UK’s NCSC. They said they expect these malicious attacks to continue and become more advanced.
MSPs are third-party companies hired to remotely manage and update IT systems and provide technical support to customers. According to the statement, cybercriminals, ‘including state-sponsored advanced persistent threat (APT) groups,’ will step up their efforts to target these services. As a result, they could affect more victims like organizations and businesses that are MSP clients.
Some MSPs have weak security measures, making it easier for hackers to gain unauthorized access. Then, they could steal client data and launch additional cyberattacks, including ransomware. Or they could gain valuable information about state officials or infrastructure. Moreover, cybersecurity agencies believe that state-backed malicious actors could disrupt geopolitical stability.
Last April, the international bodies said that intelligence data showed that the Russian government was considering cyberattack options. They also added that several gangs pledged support to Moscow in response to the sanctions imposed against the country. CoomingProject, Smokey Spider, Scully Spider, Salty Spider, and Mummy Spider were amongst them.
In addition to the warnings and alerts, cybersecurity agencies also introduced a number of steps that MSP companies and their clients could take to minimize or prevent cyberattacks. They included:
- Implementing mitigation resources to protect initial compromise attack methods from vulnerable devices, internet-facing services, brute force and password spraying, and phishing.
- Enabling monitoring and logging and implementing endpoint detection and network defense monitoring capabilities in addition to using application allowlisting/denylisting.
- Securing remote access applications and enforcing multifactor authentication (MFA) where possible to harden the infrastructure that enables access to networks and systems.
- Developing and exercising incident response and recovery plans, which should include roles and responsibilities for all organizational stakeholders.
- Understanding and proactively managing supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources.
Jen Easterly, Director of US’s Cybersecurity and Infrastructure Security Agency (CISA), said that hackers continue to target MSP services. That is why “it’s critical that MSPs and their customers take recommended actions to protect their networks,” she added.