FBI, CISA, and NSA Warn MSPs Increasingly Targeted by Cyberattacks

Five Eyes (FVEY) intelligence alliance members issued a warning that managed service providers (MSPs) and their clients are increasingly targeted by cyberattacks. Numerous cybersecurity and law enforcement agencies from the United Kingdom, Australia, Canada, New Zealand, and the United States shared information and guidelines for MSPs to secure networks and sensitive data against rising cyberattacks.

Warning About Cyberattacks On MSPs

According to the joint advisory, cybersecurity authorities, including NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI, expect malicious threat actors, including state-sponsored advanced persistent threat (APT) groups, to step up their efforts to target MSPs and exploit customer-provider network trust relationships. Threat actors are looking to use a vulnerable MSP, whether the customers’ network environment is on-premises or externally hosted, as an initial access vector to numerous victims’ networks, causing global cascading effects. Threat actors can compromise an MSP allowing follow-on activity, including ransomware and cyber espionage, against the MSP and across their client base. Malicious cyber actors, in their efforts to compromise MSPs, exploit vulnerable devices and internet-facing services, conduct brute force attacks, and use phishing techniques.

The current advisory provides specific guidance regarding how MSPs and their clients can have open, well-informed discussions about securing sensitive information and data. To accommodate client risk tolerance, the discussions can result in a re-evaluation of the security process and contractual commitments to assist clients’ risk tolerance. MSPs, their clients, and the global information and communications technology (ICT) community will all benefit from a shared commitment to security. Over the past several years, FVEY cybersecurity authorities issued other advisories with general guidance for MSPs and their clients. The guidance includes the most critical tactical actions MSPs and their clients can implement when under threat:

• Identify and disable accounts that are no longer in use
• Enforce MFA on MSP accounts with access to customers’ environments and monitor unexplained failed authentication
• Ensure MSP-customer contracts can identify ownership of ICT security roles and responsibilities.

CISA director, Jen Easterly, explains that MSPs are vulnerable to exploitation that can significantly increase downstream risks to companies and organizations they support. Securing MSPs is critical to the CISA’s collective cyber defense. Additionally, the interagency and international partners of CISA are committed to hardening the security of MSPs and improving the resilience of the global cyberattacks.

The cyberattacks against MSPs are serious and will continue to increase given the vast amount of valuable data to which they have access. It is because of this that SpearTip offers a security platform designed to protect MSPs and their clients from the type of cyberattacks global cybersecurity agencies note in the warning. SpearTip performs comprehensive risk assessments, including internal and external penetration testing, for MSPs and their clients that identify any security gaps, which we then help remediate. Furthermore, our ShadowSpear Platform ensures that all endpoints within an environment are protected against threat actors with continuous active monitoring from our US-based security operations center (SOC). The engineers who staff our SOC 24/7/365 have the capabilities to identify, neutralize, and counter any malicious activity before it can gain an environmental foothold and access the data of MSPs and their clients.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.