Managed service providers facing more attacks than ever before

Cybercriminals are using compromised MSPs to launch attacks against their customers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cyberattacks involving compromised Managed Service Providers (MSPs) are on the rise according to a recent warning sent to private sector and government organizations by the US Secret Service.

MSPs are a particularly attractive target since a single MSP can service a large number of customers and cybercriminals use this to their advantage to launch attacks against multiple companies through the same vector.

In asecurity alertsent out last month, Secret Service officials said that their Global Investigations Operations Center (GIOC) had observed cybercriminals using compromised MSPs to launch attacks againstPoS systems, to carry out business email compromise (BEC) attacks and to deploy ransomware.

Targeting MSPs

Targeting MSPs

Attacks against MSPs surged in 2019 when ransomware gangs includingGandCrabandREvilbegan targeting them as a way to infect their customers.

According to areportfrom the threat intelligence firm Armor, the company revealed that it had identified at least 13 different MSPs which were hacked in 2019 in order to deploy ransomware on the their customers' networks.

The Secret Service also provided best practices for MSPs and MSP customers to follow to avoid falling victim to an attack in its security alert.

The US federal agency recommends that MSPs have a well defined SLA, ensure remote administration tools are patched and up to date, enforce least privilege for access to resources, have well defined security controls, perform data audits and proactively conduct cyber training and education programs for their employees. At the same time, the Secret Service recommends that MSP customers audit SLAs and their remote administration tools, enable two-factor authentication for all remote logins, restrict administrative access during remote logins and utilize a secure network and system infrastructure.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaZDNet

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Top 3 things you have to try with the new ChatGPT search