Security News > 2022 > May > Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security

Miscreants are targeting managed service providers to break into their customers' networks and deploy ransomware, steal data, and spy on them, the Five Eyes nations' cybersecurity authorities have formally warned in a joint security alert.

These types of supply-chain or "Island-hopping" attacks can prove very lucrative for cybercriminals because once they break into an MSP, they gain access to all of the customers' networks and data being managed, and in turn commit computer crimes and fraud against those customers' customers.

That MSPs are a weak point in the IT supply chain isn't Earth shattering for a good number of you in the industry, though it's welcoming to see governments not only recognize the threat but also attempt to highlight it.

The Five Eyes alert also provides guidance on discussions that should happen between MSPs and their customers about securing sensitive data.

Customers should check that their contracts specify that MSPs implement certain security controls, according to the agencies, which include CISA, the FBI and the National Security Alliance.

MSPs should log their delivery infrastructure activities related to providing services to their customers as well as internal and customer network activity, according to the alert.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/11/five_eyes_msp/