Cyberattacks involving compromised Managed Service Providers (MSPs) are on the rise according to a recent warning sent to private sector and government organizations by the US Secret Service.
MSPs are a particularly attractive target since a single MSP can service a large number of customers and cybercriminals use this to their advantage to launch attacks against multiple companies through the same vector.
In a security alert (opens in new tab) sent out last month, Secret Service officials said that their Global Investigations Operations Center (GIOC) had observed cybercriminals using compromised MSPs to launch attacks against PoS systems, to carry out business email compromise (BEC) attacks and to deploy ransomware.
- Multiple retailers hit by new North Korea cyberattack
- This ransomware poses as a Covid-19 tracing app
- Keep your devices protected online with the best antivirus software
According to a report (opens in new tab) from the threat intelligence firm Armor, the company revealed that it had identified at least 13 different MSPs which were hacked in 2019 in order to deploy ransomware on the their customers' networks.
The Secret Service also provided best practices for MSPs and MSP customers to follow to avoid falling victim to an attack in its security alert.
The US federal agency recommends that MSPs have a well defined SLA, ensure remote administration tools are patched and up to date, enforce least privilege for access to resources, have well defined security controls, perform data audits and proactively conduct cyber training and education programs for their employees. At the same time, the Secret Service recommends that MSP customers audit SLAs and their remote administration tools, enable two-factor authentication for all remote logins, restrict administrative access during remote logins and utilize a secure network and system infrastructure.
- We've also highlighted the best endpoint protection