Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

2022-05-11 23:43

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers and their customers.

Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication on MSP accounts that access customer environments, and ensuring transparency in ownership of security roles and responsibilities.

MSPs have emerged as an attractive attack route for cybercriminals to scale their attacks, as a vulnerable provider can be weaponized as an initial access vector to breach several downstream customers at once.

The targeting of MSPs by malicious cyber actors in an effort to "Exploit provider-customer network trust relationships" for follow-on activity such as ransomware and cyber espionage against the provider as well as its customer base, the agencies cautioned.

"MSPs should understand their own supply chain risk and manage the cascading risks it poses to customers," the agencies said.

"Customers should understand the supply chain risk associated with their MSP, including risk associated with third-party vendors or subcontractors."

News URL

https://thehackernews.com/2022/05/government-agencies-warned-of-increase.html

#cyberattack #MSP