Tuesday, July 16, 2024

FBI, CISA, and NSA Warns of Cyberattacks Targeting MSPs

The latest reports observe a rise in malicious cyber activity targeting managed service providers (MSPs) and anticipate this trend to continue.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory along with Federal law enforcement partners and international allies that warn of an increase in malicious cyber activity targeting MSPs.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.

Managed Service Providers

MSPs are entities that deliver, operate, or manage ICT services and functions for their customers via a contractual arrangement, such as a service level agreement.

It offers services in conjunction with other providers that include platform, software, and IT infrastructure services; business process and support functions; and cybersecurity services. MSPs manage these services and functions in their customer’s network environment, either on the customer’s premises or hosted in the MSP’s data center.

MSPs can also offer cloud services, CISA noted this joint advisory “does not address guidance on cloud service providers (CSPs).”

Actions MSPs Can Take to Strengthen their Cyber Defences

  • Improve the security of vulnerable devices by selecting and Hardening Remote Access VPN Solutions, and Vulnerability Scanning Tools and Services
  • Securing internet-facing services
  • Defend against brute force and password spraying
  • Defend against phishing

Detection and Network Defense Monitoring Capabilities

  • MSPs should log the delivery infrastructure activities used to provide services to the customer
  • Implement complete security event management that enables appropriate monitoring and logging of provider-managed customer systems;

The advisory also recommends MSPs secure remote access applications and enforce multi-factor authentication, develop and exercise incident response and recovery plans, and understand and proactively manage supply chain risk.

According to CISA Director Jen Easterly, “We know that MSPs that are vulnerable to exploitation significantly increase downstream risks to the businesses and organizations they support.”Securing MSPs is critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

New Poco RAT Weaponizing 7zip Files Using Google Drive

The hackers weaponize 7zip files to pass through security measures and deliver malware effectively.These...

New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s

X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails...

Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the...

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles