12 May 2022

Cybersecurity agencies warn of rise in attacks targeting MSPs


Cybersecurity agencies warn of rise in attacks targeting MSPs

The cybersecurity authorities from the US, UK, Australia, Canada, and New Zealand have released a joint security advisory warning managed service providers (MSPs) and their customers of an increased risk of supply chain attacks by malicious actors, including state-sponsored hacker groups.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships. For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP's customer base,” the agencies said.

The advisory provides recommendations on security measures MSPs and their customers can take to reduce the risk of falling victim to a cyber intrusion, and describes cybersecurity best practices on securing sensitive data.

The recommendations include measures organizations can take to prevent intrusion, such as improving security of vulnerable devices; protecting internet-facing servers; defending against phishing, brute force and password spraying; identifying and disabling accounts and infrastructure no longer in use; enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments, and applying the principle of least privilege to both internal and customer environments, avoiding default administrative privileges.


Back to the list

Latest Posts

Cyber security week in review: August 5, 2022

Cyber security week in review: August 5, 2022

The cybersecurity world in brief: Two crypto platforms targeted in multimillion-dollar attacks, hackers exploited an Atlassian Confluence bug to install a never-before-seen backdoor, and more.
5 August 2022
Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Threat actors exploit Atlassian Confluence bug to install a never-before-seen backdoor

Ljl Backdoor is a fully-featured malware designed to gather files and user accounts, as well as system information.
4 August 2022
Thousands of Solana wallets drained in yet another multimillion exploit

Thousands of Solana wallets drained in yet another multimillion exploit

More than 8,000 wallets have been affected in the hack.
3 August 2022