China Hacked Eight Major MSPs, Technology Service Providers: Report
Hackers working for China’s Ministry of State Security broke into networks of eight major MSPs and technology services providers in an effort to steal commercial secrets from the MSPs’ customers, a Reuters report alleges.
The so-called Cloud Hopper attacks (aka Island Hopper attacks), according to Reuters, penetrated:
- Computer Sciences Corp. (now DXC)
- Dimension Data
- DXC Technology (HPE’s spun-off services arm)
- HP Enterprise
- NTT Data
- Tata Consultancy Services
The service providers offered various comments downplaying the attacks or no comment about the alleged attacks to Reuters.
MSPs: Doorways Into Customer Systems
Ironically, most of those companies also have cybersecurity divisions that rank within the Top 100 MSSPs.
The hackers used those MSP and service provider networks as a springboard into end-customer systems, Reuters alleges. The victim end-customer systems included Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre, Reuters says.
Details about the attacks first surfaced in December 2018. At the time, only HPE and IBM were mentioned in media coverage about the alleged attacks. Fast forward to present day, and Reuters has now identified all eight service providers by name.
Even Small MSPs Are Under Attack
Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Thousands of MSPs are pursuing more effective risk mitigation, cybersecurity, and data protection strategies. But there’s plenty of room for more improvement.
Following one recent attack, an MSP bowed to hacker demands and paid more than $150,000 to recover data. In another ugly twist, some IT consulting firms and cybersecurity companies that claim to clean up ransomware are secretly paying attackers as part of their ransomware recovery services.
Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.
CSC / DXC doesn’t surprise me.
Their managed security services offer many services, but I never got the feeling that the monitoring was comprehensive, was particularly customized for any customer, let alone their internal systems. They offer many services, but I never felt that they would actually detect and respond to an attack in real time.
That said, I doubt if most of the others on the list would do any better, politics and pride get in the way of results. And, security organizations are good at making rules for others, but not s good at actually following the rules themselves.
Jim: At this point I expect everyone has either (A) been hacked or (B) set to be hacked.