The United States Secret Service is continuing to see an increase in cyber related attacks involving compromised Managed Service Providers (MSP). A MSP is a company that provides management services for a customer’s IT infrastructure using remote administration tools. Due to the fact a single MSP can service a large number of customers, cyber criminals are specifically targeting these MSPs to conduct their attacks at scale to infect multiple companies through the same vector.
MSPs utilize multiple open source and enterprise software applications in the facilitation of remote administration. In the event of an MSP compromise, these applications are often used by bad actors to access their customer’s networks and conduct attacks.
Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks.
Best practices for MSPs:
- Have a well-defined service level agreement
- Ensure remote administration tools are patched and up to date
- Enforce least privilege for access to resources
- Have well defined security controls that comply with end users regulatory compliance
- Perform annual data audits
- Take into consideration local, state, and federal data compliance standards
- Proactively conduct cyber training and education programs for employees
Best practices for MSP Customers:
- Audit Service Level Agreements
- Audit remote administration tools being utilized in your environment
- Enforce two-factor authentication for all remote logins
- Restrict administrative access during remote logins
- Enforce least privilege for access to resources
- Utilize a secure network and system infrastructure, capable of meeting current security requirements
- Proactively conduct cyber training and education programs for employees
For any additional information or questions related to this alert, contact GIOC can be contacted at [email protected]. Use GIOC Reference #20-032-I
Shoutout to Ron Benvenisti, you always write some real good stuff!
I agree. with Reb Yid. He personally came to our house to set up our internet so the kids couldn’t get anywhere they shouldn’t and my husband could work from home. Our Rav signed off on it also. He also found some issues we didn’t know about and took care of them. Everything runs faster and we don’t worry about what we see and who can see us! He is a mentsch and would not take a dime. Thank you and be well.