the agencies responsible for cybersecurity from the ∪d states, ∪d kingdom, australia, and canada ‘ve issued a 2nd alert this week, stating that attacks on managed srvc providers (msp) are expected to increase.
the advisory states that if an attacker is able to compromise a srvc provider, then ransomware or espionage activity ‘d be conducted throughout a provider’s infrastructure, and attack its customers.
“whether the customer’s network environment s'on premises or externally hosted, threat actors can use a vulnerable msp as an initial access vector to multiple victim networks, with globally cascading effects,” the nations advised.
“ncsc-uk, acsc, cccs, cisa, nsa, and fbi expect malicious cyber actors — including state-sponsored advanced persistent threat groups — to step up their targeting of msps in their efforts to exploit provider-customer network trust relationships.”
for the purposes of this advice, the msp definition covers iaas, paas, saas, process and support srvcs, swell as cybersecurity srvcs.
in pretty obvious advice, the initial recommendation is to not get compromised inna 1st place. beyond that, usrs are advised to adopt familiar set of advice s'as: improve monitoring and logging, update software, ‘ve backups, use multi-factor authentication, segregate internal networks, use a least privilege approach, and remove old usr accounts.
tis advised that usrs check contracts contain clauses to ensure msps ‘ve sufficient security controls in place.
“customers ‘d ensure t'they ‘ve a thorough cogging of the security srvcs their msp is providing via the contractual arrangement and address any security requirements that fall outside the scope of the contract. note: contracts ‘d detail how n'when msps notify the customer of an incident affecting the customer’s environment,” the advisory states.
“msps, when negotiating the terms offa contract with their customer, ‘d provide clear explanations of the srvcs the customer is purchasing, srvcs the customer aint purchasing, and all contingencies for incident response and recovery.”
original content at: www.zdnet.com…