Five Eyes Alliance Warns of Hackers Targeting MSPs

Five Eyes Alliance Warns of Hackers Targeting MSPs

Colin Thierry Colin Thierry
Published on: May 12, 2022
Five Eyes Alliance Warns of Hackers Targeting MSPs

Members of the Five Eyes intelligence alliance on Wednesday warned managed service providers (MSPs) and their customers that they’ve been increasingly targeted by supply chain attacks.

Multiple cybersecurity and law enforcement agencies from Five Eyes countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidelines for MSPs to secure their networks and sensitive data against these rising cyber threats.

“The UK, Australian, Canadian, New Zealand, and US cybersecurity authorities expect malicious cyber actors, including state-sponsored advanced persistent threat (APT) groups, to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the agencies said in a joint advisory. “For example, threat actors successfully compromising an MSP could enable follow-on activity — such as ransomware and cyber espionage — against the MSP as well as across the MSP’s customer base.”

Five Eyes cybersecurity authorities have also issued other advisories over the past few years offering general guidance for MSPs and their customers.

However, Wednesday’s advisory came with specific measures on securing sensitive information and data. This was accomplished through transparent discussions that focused on re-evaluating security processes and contractual commitments in order to aid the customers’ risk tolerance.

According to the Five Eyes alliance, the most crucial actions that MSPs and their customers can take include identifying and disabling accounts that are no longer in use, enforcing MFA and MSP accounts that access the customer environment and monitoring for unexplained failed authentication, and ensuring that MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.

“We know that MSPs that are vulnerable to exploitation significantly increase downstream risks to the businesses and organizations they support,” CISA Director Jen Easterly said. “Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

Source of Article