7 July 2020

US Secret Service warns about a rise in hacks of MSPs


The US Secret Service has issued a security alert warning organizations about an increase in cyber attacks involving compromised Managed Service Providers (MSP).

MSPs provide remote management software for companies, and given that a single MSP can service a large number of customers, vulnerable managed service providers present a great opportunity for hackers seeking to compromise multiple companies via the same vector.

“MSPs utilize multiple open source and enterprise software applications in the facilitation of remote administration. In the event of an MSP compromise, these applications are often used by bad actors to access their customer’s networks and conduct attacks,” the report said.

“Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks.”

The alert also provides best practices to be implemented by MSPs and their respective customers.

Best practices for MSPs:

  • Have a well-defined service level agreement

  • Ensure remote administration tools are patched and up to date

  • Enforce least privilege for access to resources

  • Have well-defined security controls that comply with end users' regulatory compliance

  • Perform annual data audits

  • Take into consideration local, state, and federal data compliance standards

  • Proactively conduct cyber training and education programs for employees

Best practices for customers:

  • Audit Service Level Agreements

  • Audit remote administration tools being utilized in your environment

  • Enforce two-factor authentication for all remote logins

  • Restrict administrative access during remote logins

  • Enforce least privilege for access to resources

  • Utilize a secure network and system infrastructure, capable of meeting current security requirements

  • Proactively conduct cyber training and education programs for employees
