Managed service providers facing more attacks than ever before

(Image credit: Shutterstock.com)

Cyberattacks involving compromised Managed Service Providers (MSPs) are on the rise according to a recent warning sent to private sector and government organizations by the US Secret Service.

MSPs are a particularly attractive target since a single MSP can service a large number of customers and cybercriminals use this to their advantage to launch attacks against multiple companies through the same vector.

In a security alert sent out last month, Secret Service officials said that their Global Investigations Operations Center (GIOC) had observed cybercriminals using compromised MSPs to launch attacks against PoS systems, to carry out business email compromise (BEC) attacks and to deploy ransomware.

Multiple retailers hit by new North Korea cyberattack
This ransomware poses as a Covid-19 tracing app
Keep your devices protected online with the best antivirus software

Targeting MSPs

Attacks against MSPs surged in 2019 when ransomware gangs including GandCrab and REvil began targeting them as a way to infect their customers.

According to a report from the threat intelligence firm Armor, the company revealed that it had identified at least 13 different MSPs which were hacked in 2019 in order to deploy ransomware on the their customers' networks.

The Secret Service also provided best practices for MSPs and MSP customers to follow to avoid falling victim to an attack in its security alert.

The US federal agency recommends that MSPs have a well defined SLA, ensure remote administration tools are patched and up to date, enforce least privilege for access to resources, have well defined security controls, perform data audits and proactively conduct cyber training and education programs for their employees. At the same time, the Secret Service recommends that MSP customers audit SLAs and their remote administration tools, enable two-factor authentication for all remote logins, restrict administrative access during remote logins and utilize a secure network and system infrastructure.

We've also highlighted the best endpoint protection

Via ZDNet

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.