Increased Threats to Managed Service Providers

Industry: Technology | Level: Strategic | Source: CISA

A warning was issued to managed service providers (MSPs) by Five Eyes, a collective intelligence alliance from the United States, United Kingdom, Australia, Canada, and New Zealand. As stated in the advisory, “Whether the customer's network environment is on-premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects. The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP's customer base.” The intelligence agencies have not provided any specific targets, only mentioning reports of an increase in cyber activity against MSPs. Recommendations provided by the agencies urge hardening defenses including reinforcing public-facing applications, enabling and improving logging, implementing MFA, segregating networks, utilizing the principle of least privilege, ensuring obsoleted accounts and systems are deprecated, updating systems, and creating regular backups of data.