The US Secret Service has issued a security alert warning organizations about an increase in cyber attacks involving compromised Managed Service Providers (MSPs).
MSPs provide remote management software for companies, and given that a single MSP can service a large number of customers, vulnerable managed service providers present a great opportunity for hackers seeking to compromise multiple companies via the same vector.
“MSPs utilize multiple open source and enterprise software applications in the facilitation of remote administration. In the event of an MSP compromise, these applications are often used by bad actors to access their customers’ networks and conduct attacks,” the report said.
“Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks.”
The alert also provides best practices to be implemented by MSPs and their respective customers.
Best practices for MSPs:
Have a well-defined service level agreement
Ensure remote administration tools are patched and up to date
Enforce least privilege for access to resources
Have well-defined security controls that comply with end users' regulatory compliance
Perform annual data audits
Take into consideration local, state, and federal data compliance standards
Proactively conduct cyber training and education programs for employees
Best practices for customers:
Audit Service Level Agreements
Audit remote administration tools being utilized in your environment
Enforce two-factor authentication for all remote logins
Restrict administrative access during remote logins
Enforce least privilege for access to resources
Utilize a secure network and system infrastructure, capable of meeting current security requirements
Proactively conduct cyber training and education programs for employees