Hackers are increasingly targeting MSP solutions and using them to attack service providers' customers, according to a U.S. Secret Service security alert issued June 12. Threat actors are using hacked MSPs to launch cyberattacks against service provider customers' point-of-sale (POS) systems and perform business email compromise (BEC) and ransomware attacks.
Since a typical MSP may support dozens or hundreds of customers, cybercriminals are attacking service providers in the hopes of infecting multiple companies via a single vector, the Secret Service noted. If an MSP is compromised, cybercriminals can then use the service provider's applications to attack its customers' networks.
Recent ransomware attack victims in and around the MSP and IT outsourcing market include:
- DXC Technology's Xchanging subsidiary;
- IT consulting giant Cognizant; and
- business process outsourcing (BPO) specialist Conduent.
Best Practices for MSPs to Guard Against Cyberattacks
The Secret Service offers the following recommendations to help MSPs protect themselves against cyberattacks:
- Establish a well-defined service-level agreement.
- Keep remote administration tools up to date.
- Enforce least-privilege policies for access to resources.
- Create security controls that comply with data security regulations.
- Conduct annual data audits.
- Assess local, state and federal data compliance mandates.
- Offer cybersecurity training to employees and update it regularly.
Along with the aforementioned best practices, multi-factor authentication (MFA) may help MSPs guard against cyberattacks, Lane Roush, VP of Presales Engineering at security operations center-as-a-service provider (SOCaaS) Arctic Wolf, told MSSP Alert. Roush indicated that MSPs also can conduct user access reviews of their systems and vulnerability management to improve their security posture.
How MSPs Can Mitigate Ransomware Attack Risks: To further safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.