12 May 2022

Cybersecurity agencies warn of rise in attacks targeting MSPs


Cybersecurity agencies warn of rise in attacks targeting MSPs

The cybersecurity authorities from the US, UK, Australia, Canada, and New Zealand have released a joint security advisory warning managed service providers (MSPs) and their customers of an increased risk of supply chain attacks by malicious actors, including state-sponsored hacker groups.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP's customer base,” the agencies said.

The advisory provides recommendations on security measures MSPs and their customers can take to reduce the risk of falling victim to a cyber intrusion, and describes cybersecurity best practices on securing sensitive data.

The recommendations include measures organizations can take to prevent intrusion, such as improving security of vulnerable devices; protecting internet-facing servers; defending against phishing, brute force and password spraying; identifying and disabling accounts and infrastructure no longer in use; enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments, and applying the principle of least privilege to both internal and customer environments, avoiding default administrative privileges.


Back to the list

Latest Posts

RansomHouse extortion group claims to steal 450 GB of data from AMD

RansomHouse extortion group claims to steal 450 GB of data from AMD

On June 27, 2022, RansomHouse added AMD to their data leak site, thereby AMD launched an investigation.
29 June 2022
APT group used ProxyLogon vulnerability to hack building automation systems

APT group used ProxyLogon vulnerability to hack building automation systems

Chinese-speaking threat actor used Microsoft Exchange vulnerability to gain initial access to victims’ networks.
28 June 2022
Mitel MiVoice Connect zero-day vulnerability used by ransomware operators

Mitel MiVoice Connect zero-day vulnerability used by ransomware operators

A threat actor used the critical remote code execution vulnerability in Mitel MiVoice Connect to gain initial access to a corporate network.
27 June 2022