Managed service providers (MSPs) are facing an increase in cyberattacks, according to multiple government agencies worldwide.
A new advisory issued by CISA, NSA, FBI, and various international cyber authorities warns that MSPs and their customers are increasingly being targeted by bad actors. MSPs are prime targets, since they provide a single attack vector that can be used to compromise multiple organizations.
Government agencies are advising these companies to take a number of actions in an effort to mitigate these threats, including:
- Implement mitigation resources to help prevent initial compromise.
- Enable monitoring and at least six months of logging, as well as endpoint detection and network defense monitoring.
- Use multifactor authentication and other measures to secure remote access applications.
- Have incident response and recovery plans in place.
- Understand and manage the risks associated with software and services supply chains.
“As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly. “Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”
“We are committed to further strengthening the UK’s resilience, and our work with international partners is a vital part of that,” said NCSC CEO Lindy Cameron. “Our joint advisory with CISA is aimed at raising organisations’ awareness of the growing threat of supply chain attacks and the steps they can take to reduce their risk. I strongly encourage both managed service providers and their customers to follow this and our wider guidance – ultimately this will help protect not only them but organisations globally.”
Organizations are encouraged to review the entire advisory as soon as possible.