'Threat actors' expected to step up targeting of MSPs, warns government
International and US authorities says attackers are looking to exploit provider-customer network trust relationships
Multiple global cybersecurity authorities have released a joint statement warning of a proliferation of cyber threats targeting managed service providers (MSPs).
The United Kingdom, Australian, Canadian, New Zealand, and US cybersecurity authorities say "threat actors" are targeting MSPs to access customer networks.
It believes these malicious cyber actors - including state-sponsored advanced persistent threat groups - are expected to step up their targeting of MSPs in "efforts to exploit provider-customer network trust relationships".
"For example, threat actors successfully compromising an MSP could enable follow-on activity—such as ransomware and cyber espionage—against the MSP as well as across the MSP's customer base," the warning said.
A document released by authorities provides steps advice for partners to bolster their security strategy.
This includes identifying and disabling accounts that are no longer in use (shadow IT), enforcing multi-factor authentication (MFA) on MSP accounts that access customer environments, and ensuring MSP-customer contracts transparently identify ownership of ICT security roles and responsibilities.
"This advisory provides specific guidance to enable transparent, well-informed discussions between MSPs and their customers that centre on securing sensitive information and data," the document said.
"These discussions should result in a re-evaluation of security processes and contractual commitments to accommodate customer risk tolerance. A shared commitment to security will reduce risk for both MSPs and their customers, as well as the global ICT community."
In May 2021 MSPs and firms procuring digital services were asked to provide the UK government with feedback on proposed new cybersecurity measures aimed at protecting critical supply chains.
And in January this year, the UK government said it wanted to extend cybersecurity regulations to MSPs in a bid to bolster the security of digital supply chains.
The warning released by authorities this week is the latest call to action for the channel to consider its security procedures by the government.
Other recommended measures include:
- Prevent initial compromise by mitigating attacks through vulnerable devices and internet-facing services.
- Enable/improve monitoring and logging processes.
- Manage internal architecture risks and segregate internal networks.
- Deprecate obsolete accounts and infrastructure.
- Apply updates and back up systems and data.
- Develop and exercise incident response and recovery plans.