CISA, the NSA and the FBI warn about an increase in cyber attacks targeting MSPs

Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the United Kingdom’s National Cyber Security Center (NCSC-UK), Australian Cyber Security Center (ACSC), Canadian Center for Cyber Security (CCCS), New Zealand National Cyber Security Center (NZ NCSC), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), released an advisory warning of threats targeting managed service providers (MSPs).

As part of the advisory, the agencies warned that they expect “state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors to increase their targeting of MSPs against both provider and customer networks.” 

The potential for an increase in attacks on MSPs and supply chain threats means that organizations need to be prepared to closely manage relationships with third-party providers and ensure that there are no security vulnerabilities.

Securing the supply chain 

The advisory comes as organizations and service providers struggle to mitigate supply chain threats, most notably with the SolarWinds and Kaseya breaches, which led to the compromise of over 1,100 downstream organizations. 

At the heart of the challenge is that many providers have lacked the incident response capabilities to react to incidents in time, with 66% of suppliers in successful supply chain attacks not knowing or failing to report on how they were compromised. 

If the announcement is correct, then organizations need to drastically rethink how they manage relationships with third-party suppliers.

“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly. 

In practice, that means taking a more proactive approach to finding risks. “Enterprises must focus on implementing zero-trust and increase active threat hunting, especially across networks and endpoints which are accessed by MSPs,” said Tom Kellermann, former cybersecurity commissioner for the Obama administration and head of cybersecurity strategy at VMware.

Kellermann believes the Russia-Ukraine war will drive the increase in these attacks as Russian cyber-spies use supply chain strategies to deploy destructive malware across entire customer bases of MSPs.

Improving security posture against supply chain threats 

With supply chain threats on the rise, the advisory recommends enterprises take steps to mitigate risks in the supply chain. 

In particular, the advisory says that MSP customers should review their contractual arrangements with providers to ensure that the MSP will implement a set of specific security measures and controls. 

These controls include implementing mitigation resources to protect against compromise attack methods, enabling monitoring and logging, implementing endpoint detection and network defense monitoring, securing remote access applications and deploying multi-factor authentication.

It also states that MSPs should develop and implement incident response and recovery plans that break down the roles and responsibilities of stakeholders within the organization.

In addition to these controls, Kellermann recommends that enterprises apply micro-segmentation, deploy active application control, expand weekly threat hunting to include shared networks and services, apply just-in-time administration, and ensure all backups are viable.
