The Five Eyes alliance of cybersecurity authorities from the United States, the United Kingdom, Australia, New Zealand, and Canada last week published a joint advisory warning of threats targeting managed service providers (MSPs) and their customers.
The advisory recommends customers of MSPs in the member nations on how to guard sensitive details and reassess security posture and contractual agreements with their service providers based on individual risk tolerance. MSPs are a prime target for cybercriminals and nation-state actors–because attacking an MSP can lead to additional downstream victims (as we witnessed with Kaseya and the SolarWinds assaults.)
"As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," Jen Easterly, director of US's Cybersecurity and Infrastructure Security Agency (CISA) stated.
"We know that MSPs that are vulnerable to exploitation significantly increase downstream risks to the businesses and organizations they support. Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain," she added.
The alert is the result of a collaborative effort among the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation in the U.S.; the National Cyber Security Centers in the United Kingdom and New Zealand; the Australian Cyber Security Center; and the Canadian Center for Cyber Security.
Mitigation tips
In the advisory issued on the second day of the NCSC's Cyber UK conference, where several senior figures from the cybersecurity agencies have met to discuss the issue of global cyber threats, the authorities recommend that MSP customers ensure that their MSPs implement the following measures and controls:
• To counter initial assault, enhance the security of vulnerable devices, protect internet-facing services and defend against brute-force and phishing attacks.
• Improve monitoring and logging processes for the delivery infrastructure activities used to provide services to the customer.
• Enable multifactor authentication across all customer services and products.
• Periodically erase obsolete accounts and infrastructure and apply updates to the infrastructure whenever available and necessary.
• Develop incident response and recovery plans.
• Understand and proactively manage supply chain risk.
• Adopt transparent processes and, at the same time, manage account authentication and authorization.
