Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

Multiple cybersecurity authorities from Australia, Canada, New
Zealand, the U.K., and the U.S. on Wednesday released a joint advisory^[1]
warning of threats targeting managed service providers (MSPs) and
their customers.

Key among the recommendations include identifying and disabling
accounts that are no longer in use, enforcing multi-factor
authentication (MFA) on MSP accounts that access customer
environments, and ensuring transparency in ownership of security
roles and responsibilities.

MSPs have emerged as an attractive attack route for
cybercriminals to scale their attacks, as a vulnerable provider can
be weaponized as an initial access vector to breach several
downstream customers at once.

The spillover effects of such intrusions, as witnessed in the
wake of high-profile breaches aimed at SolarWinds^[2]
and Kaseya^[3]
in recent years, have once again underlined the need to secure the
software supply chain.

The targeting of MSPs by malicious cyber actors in an effort to
“exploit provider-customer network trust relationships” for
follow-on activity such as ransomware and cyber espionage against
the provider as well as its customer base, the agencies
cautioned.

The major security measures and operational controls outlined in
the advisory are as follows –

1. Prevent initial compromise by securing internet-facing devices
   and implementing protections against brute-forcing and phishing
   attacks
2. Enable effective monitoring and logging of systems
3. Secure remote access applications and mandate MFA where
   possible
4. Isolate critical business systems and apply appropriate network
   security safeguards
5. Apply the principle of least privilege throughout the network
   environment
6. Deprecate obsolete accounts through periodic audits
7. Prioritize security updates for operating systems,
   applications, and firmware, and
8. Regularly maintain and test offline backups for incident
   recovery.

The Five Eyes alert arrives a week after the U.S. National
Institute of Standards and Technology (NIST) published^[4]
updated cybersecurity guidance for managing risks in the supply
chain.

“MSPs should understand their own supply chain risk and manage
the cascading risks it poses to customers,” the agencies said^[5]. “Customers should
understand the supply chain risk associated with their MSP,
including risk associated with third-party vendors or
subcontractors.”