The Five Eyes intelligence alliance, which is made up of cybersecurity firms from the United Kingdom, United States, New Zealand, Australia, and Canada, has given a joint notification warning concerning the escalating number of cyberattacks aimed toward managed service providers (MSPs).
MSPs are appealing targets for cyber attackers and nation-state threat actors. Numerous companies count on MSPs to give information and communication technology (ICT) and IT system services because it is typically simpler and less expensive than building the capabilities to deal with those capabilities in-house.
To be able to offer those services, MSPs need dependable connectivity and privileged access to the systems of their consumers. Cyber threat actors target vulnerable MSPs and employ them as the preliminary access vector to obtain access to the systems of all companies and institutions that they assist. It is much easier to carry out a cyberattack on a vulnerable MSP and acquire access to the sites of many businesses than to attack those organizations individually.
Whenever MSP systems are breached, it may take a number of months before discovering the attack. Throughout that time, attackers may carry out cyber espionage on the MSP and its clients or prepare other additonal activities like ransomware attacks.
The Five Eyes agencies offer suggestions for baseline security steps that MSPs and their clients ought to employ and likewise recommend clients to assess their deals with MSPs to make sure that the contracts define that their MSPs should apply the suggested procedures and controls.
Steps should be taken to enhance protection to avoid the preliminary compromise. Cyber threat actors typically take advantage of vulnerable devices and Internet-facing services and perform phishing and brute force attacks to get a foothold in MSP systems. The Five Eyes agencies advise MSPs and their users to:
- Safeguard internet-facing solutions
- Boost the protection of vulnerable devices
- Guard against brute force and password spraying
- Secure against phishing
It is important to allow or strengthen tracking and recording processes to let attacks be speedily identified. Considering that attackers may breach systems for months, all businesses must save their most critical records for a minimum of 6 months. The agencies in the advisory recommend whether by means of a all-inclusive security information and event management (SIEM) solution or discrete logging tools, carry out and keep a separate recording regime to discover threats to sites.
It is vital to protect remote access applications and implement multi-factor authentication so far as possible, and make certain MFA is enforced on all accounts that enable access to client environments. Consumers of MSPs ought to make certain that their agreements say that MFA ought to be employed on accounts that are utilized to obtain access to their systems.
The Five Eyes agencies furthermore advise
- Taking care of internal architecture dangers and separating internal networks
- Disapproving out of date accounts and systems
- Using the principle of least privilege
- Implementing software program updates and patches immediately
- Making and implementing incident response and recovery plans
- Backing up systems and data files routinely and assessing backups
- Practicing transparency
- Knowing and proactively handling supply chain risk
- Controlling account authentication and permission
MSPs and their consumers will have distinct environments, thus the recommendations must be employed as appropriate as per their specified security requirements and suitable laws.