The cybersecurity authorities from the US, UK, Australia, Canada, and New Zealand have released a joint security advisory warning managed service providers (MSPs) and their customers of an increased risk of supply chain attacks by malicious actors, including state-sponsored hacker groups.
“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP's customer base,” the agencies said.
The advisory provides recommendations on security measures MSPs and their customers can take to reduce the risk of falling victim to a cyber intrusion, and describes cybersecurity best practices on securing sensitive data.
The recommendations include measures organizations can take to prevent intrusion, such as improving security of vulnerable devices; protecting internet-facing servers; defending against phishing, brute force and password spraying; identifying and disabling accounts and infrastructure no longer in use; enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments, and applying the principle of least privilege to both internal and customer environments, avoiding default administrative privileges.