Unscrupulous vendors peddling online access to unwitting Managed Service Providers (MSPs)
In recent months, Managed Service Providers (MSPs) have become a lucrative target for threat actors. These organisations, which provide services to multiple downstream customers, offer an attractive entry point for cybercriminals seeking access to a multitude of systems and data.
This trend follows warnings from the FBI, the Cybersecurity and Infrastructure Security Agency, and the Five Eyes intelligence services about MSPs being targeted by advanced persistent threat actors. Initial Access Brokers (IABs), intermediaries in the cybercrime ecosystem, are selling access to MSPs as a means of providing an online gateway to numerous organisations.
The solicitations for access to MSPs provide specific details about the targeted organisation, including access methods, administrative privileges, and whether the victim has ransomware insurance. These details suggest a high level of planning and sophistication on the part of the threat actors.
However, MSPs may not have the necessary financial resources, personnel, or internal expertise to operate a 24/7 security operations team on their own, making them potentially vulnerable to attacks. To mitigate this risk, MSPs should consider partnering with cybersecurity firms to bolster their defences.
For organisations using MSP services, it is crucial to take several precautions. Basic hygiene measures, such as multi-factor authentication, least-privilege access, security updates, and patches, should be implemented. Organisations should also limit their online visibility and take inventory of specific systems.
Networks should be monitored for suspicious activity, and offline backups should be maintained to minimise data loss in the event of a breach. It is also important to maintain an accurate inventory of physical systems, running services, and user accounts.
Researchers have disclosed solicitations in online criminal hacker forums where access to MSPs was advertised. The names of the specific MSPs to which IABs have provided online access have not been disclosed, but IABs commonly offer access to VPNs, email or SaaS platforms, domain or Active Directory systems, and compromised third-party accounts, including MSPs' tooling, to enable cybercriminal operations.
In conclusion, the threat against MSPs is a serious one, and organisations must take proactive steps to protect themselves. By implementing basic cybersecurity measures and partnering with reputable MSPs, organisations can significantly reduce their risk of falling victim to a cyberattack.