MSPs face intensified cyber threat, US secret service warns

Hackers are compromising MSPs to conduct attacks against their customers, ranging from email compromise and ransomware

Managed Service Providers (MSPs) have been warned that their businesses are becoming increasingly attractive targets for cyber criminals hoping to wreak havoc against customers.

The US Secret Service issued an alert to MSPs in June urging these companies to stay alert and patch their systems given an increase in cyber attacks against them and their customers. 

MSPs provide management services for customers’ IT infrastructures using remote administration tools. Due to the fact they can attend to the needs of multiple customers, cyber criminals are specifically targeting these businesses to make their attacks as efficient as possible, according to the US secret service. 

Compromising a single MSP, therefore, would pose a risk to the security of a large number of businesses.

“MSPs utilize multiple open source and enterprise software applications in the facilitation of remote administration,” the alert published by the US Secret Service, and obtained by ZDNet, said. “In the event of an MSP compromise, these applications are often used by bad actors to access their customer’s networks and conduct attacks.

“Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks.”

Among a host of measures, MSPs have been advised to ensure they have a well-defined service level agreement (SLA), as well as having well-defined security controls that comply with the regulatory needs of end-users.

The US Secret Service has also advised these firms to patch their remote administration tools and enforce access privileges for resources. 

Other measures that can help protect against cyber criminals include performing annual data audits and proactively conducting cyber training and education programmes for employees.

Companies that use MSPs, meanwhile, have been advised to audit their SLAs, as well as auditing the remote administration tools being used in their environments. Enforcing multi-factor authentication (MFA) would better safeguard corporate data, as would restricting administrative access during remote logins.

These companies are also encouraged to proactively conduct cyber training and education for all employees, beyond using a secure network and system infrastructure that’s capable of meeting high security standards.

MSPs have increasingly come under fire, with a report published last year revealing that businesses are being infiltrated by cyber criminals exploiting weak account credentials to gain access to systems installed by MSPs.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Cyber attacks on manufacturing up 300% in a year
Security

Cyber attacks on manufacturing up 300% in a year

11 May 2021

Most Popular

Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Apple's mixed reality headset could debut in 2022
augmented reality (AR)

Apple's mixed reality headset could debut in 2022

29 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021