Cyber-attacks related to compromised managed service providers see upswing; even though you rely on an MSP or managed security service provider, you are still culpable for the information that you own.
The US Secret Service (USSS) has been sending security alerts to organisations across the Atlantic regarding an upswing in the number of cyber-attacks related to compromised managed service providers.
Organised Crime
The warning comes as a result of threat intelligence out of the Global Investigative Operations Center (GIOC), which supports USSS in combating organised crime groups.
The alert document, obtained by ZDNet, explains that cybercriminals are “leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise &, specifically, ransomware attacks.”
Some reports have painted this as a new trend, but that would not appear to be true. “MSPs have been in the cross-hairs of APT 10 since 2014,” Threat Intelligence Expert & CISO at Cyjax, Ian Thornton-Trump, explained. APT 10, also known as Stone Panda, is a Chinese state-sponsored player, & the MSPs in question then were in Japan.
Japan
“If something is big in Japan,” Thornton-Trump expanded, “it has every chance of going global – and it did.”
He pointed towards the 2017 Cloud Hopper report that concluded attacks on large global MSPs were peaking in 2016.
Thornton-Trump says that this alert should not come as news to anyone, least of all MSPs. “If an MSP has not tightened up defences post 2017, & has ignored a constantly increasing cyber-threat, is repeating the same warning over & over really going to make any difference?”
Reports that MSPs are increasingly now being targeted by ransomware players in particular, “proves that security is not understood to the extent that it should be,” Dan Panesar, Director, Securonix UK & Ireland, outlined. It is the ‘low-hanging fruit’ problem.
MSPs
“We will likely see a steady proliferation of well thought out attacks against MSPs & targeting their clients’ data,” Ilia Kolochenko, CEO at ImmuniWeb, observed. “Attackers concentrate their malicious efforts on MSPs because they are now such a low-hanging fruit.”
Justin Gilbert, Senior Director of Channels at ZIX, agrees that MSPs are at the front in a battle between attackers & their customers. “Up-to-date patches & security measures are critical but diligence in password management is a low effort, high impact activity,” he commented.
Best practice
The USSS alert offered advice for MSPs as far as best practice is concerned. The first item would appear to be aimed more at protecting the MSP from customer litigation than from a threat player: have a well-defined service level agreement.
Advice
Beyond that, the advice improves: ensuring remote administration tools are patched, a ‘least privilege culture’ when it comes to resource access, well-defined security controls, cyber awareness & training programmes, & annual audits.
Culpable
The MSP threat does not end at the service provider. It is the customers the attackers are really after. “It is important to remember that even though you rely on an MSP or managed security service provider, you are still culpable for the information that you own,” Panesar explained further.
That means putting all that same USSS security advice for MSPs into practice within the client business. “Even though it may seem expensive,” Panesar concludes, “it will be significantly cheaper than a data breach.”