‘Hackers increasingly targeting MSPs’, reports the FBI, CISA, and NSA



Cybersecurity organizations in the UK, Canada, Australia, New Zealand, and the US have been made aware of reports of an uptick in malicious cyber activity targeting Managed Service Providers (MSPs). '[They] are aware of recent reports that observe an increase in malicious cyber activity targeting MSPs and expect this trend to continue', the report states. To further help and advise MSPs, the Cybersecurity and Infrastructure Security Agency has put together a list of recommendations that MSPs and their customers should aim to implement in order to better protect their businesses. This blog will highlight the key components of each recommendation to help you and your customers manage your cybersecurity efforts.


Prevent Initial Compromise: 

  • Threat actors are exploiting vulnerable devices and internet-facing services. It is recommended that MSPs increase the security of vulnerable devices by using solutions like VPNs. It has also been recommended that MSPs implement solutions to help defend against phishing attacks and brute force password attacks. It is important to note that although there are solutions to mitigate these attacks, human error is always the weakest link. Delivering employee cybersecurity training around phishing and password management will help to educate employees on what not to click and how to create safe and secure passwords.

Enable/improve monitoring and logging processes: 

  • As an MSP, you know that it can often take weeks, even months, before threats/exploits are detected. It is recommended that MSPs store their most important logs for at least six months. In addition to this, it has been recommended that organizations implement endpoint detection and network monitoring, as well as use application allowlisting.

Enforce Multifactor Authentication (MFA): 

Manage internal architecture risks and segregate internal networks: 

  • As an MSP, it’s important you fully understand your customer's network so you can better protect them. You need to understand what systems are business-critical and increase the security around these. This could be as simple as segregating customer datasets, using a VPN, or even ensuring that admin credentials are not being re-used across multiple customers. 

Apply the principle of least privilege: 

  • Least privilege provides users, devices, and anything on your network with the minimum privileges required to do their role. In the report, it is specifically recommended that MSPs ensure that admin accounts are restricted as much as possible and that the privileges are updated as soon as there are employee role changes.

Deprecate obsolete accounts and infrastructure: 

  • As we saw in the Colonial Pipeline attack, passwords are being sold on the dark web and then being used to carry out cyber attacks. It has been recommended that MSPs audit the networks and infrastructure they support to understand the accounts, applications, and infrastructures that could be at potential risk. MSPs will then have a better understanding of the attack surface that threat actors may use and can implement solutions to solve this and better protect their customers.
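An added example, not from the report or from ThreatLocker, of the account audit that the least-privilege and obsolete-account recommendations above call for. The account export, HR roster, field names, admin role list and 90-day idle threshold are all assumptions constructed for illustration.

```python
from datetime import date

# Constructed identity export (one row per account) and HR roster.
ACCOUNTS = [
    {"user": "alice", "customer": "acme", "is_admin": True, "last_login": "2022-05-01"},
    {"user": "bob", "customer": "acme", "is_admin": True, "last_login": "2022-05-10"},
    {"user": "carol", "customer": "globex", "is_admin": False, "last_login": "2021-11-02"},
    {"user": "dave", "customer": "globex", "is_admin": True, "last_login": "2022-04-30"},
]
ROSTER = {"alice": "sysadmin", "bob": "helpdesk", "carol": "sales"}  # dave has left
ADMIN_ROLES = {"sysadmin"}  # assumed: roles that justify admin rights
STALE_DAYS = 90             # assumed idle threshold


def audit(accounts, roster, today):
    """Return {user: [reasons]} for accounts that need review."""
    findings = {}
    for acct in accounts:
        reasons = []
        role = roster.get(acct["user"])
        if role is None:
            # No current employee owns this account: candidate for removal.
            reasons.append("orphaned")
        elif acct["is_admin"] and role not in ADMIN_ROLES:
            # Privileges were not updated after a role change.
            reasons.append("excess-admin")
        idle = (today - date.fromisoformat(acct["last_login"])).days
        if idle > STALE_DAYS:
            reasons.append("stale")
        if reasons:
            findings[acct["user"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in audit(ACCOUNTS, ROSTER, date(2022, 5, 15)).items():
        print(user, ", ".join(reasons))
```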

Apply Updates: 

  • MSPs have long known that patching and updating applications are a key component of cybersecurity. The report recommends that MSPs prioritize patching vulnerabilities included in CISA’s catalog of known exploited vulnerabilities and that MSPs implement these updates on their networks as soon as possible. 
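An added example, not from the report or from ThreatLocker, of ordering scanner findings so that entries in CISA's known exploited vulnerabilities (KEV) catalog are patched first. The catalog excerpt uses the `cveID` and `dueDate` field names of the KEV JSON feed; the CVE IDs, customers, hosts and scores are constructed placeholders.

```python
import json
from datetime import date

# Constructed excerpt in the layout of the KEV JSON feed.
# The CVE IDs are placeholders, not real catalog entries.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "product": "ExampleVPN", "dueDate": "2022-04-22"},
  {"cveID": "CVE-0000-0002", "product": "ExampleFW",  "dueDate": "2022-06-01"}
]}
""")

# Constructed vulnerability-scanner output across two customers.
FINDINGS = [
    {"customer": "acme", "host": "fw01", "cve": "CVE-0000-0002", "cvss": 7.5},
    {"customer": "acme", "host": "web01", "cve": "CVE-0000-0009", "cvss": 9.8},
    {"customer": "globex", "host": "vpn01", "cve": "CVE-0000-0001", "cvss": 8.1},
    {"customer": "globex", "host": "db01", "cve": "CVE-0000-0008", "cvss": 5.3},
]


def prioritize(findings, kev, today):
    """KEV entries first (earliest due date first), then the rest by CVSS."""
    due = {v["cveID"]: date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    rows = []
    for f in findings:
        d = due.get(f["cve"])
        rows.append({**f, "in_kev": d is not None, "due": d,
                     "overdue": d is not None and d < today})
    # A known-exploited CVE outranks a higher CVSS score that is not in KEV.
    rows.sort(key=lambda r: (not r["in_kev"], r["due"] or date.max, -r["cvss"]))
    return rows


if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_SAMPLE, date(2022, 5, 15)):
        tag = "OVERDUE" if r["overdue"] else ("KEV" if r["in_kev"] else "-")
        print(r["customer"], r["host"], r["cve"], r["cvss"], tag)
```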

Backup Systems and Data: 

  • Testing your customers' backups is vital. If we are not testing our backups, how can we be sure that we are able to recover in the event of a disaster? The report recommends storing numerous backups and isolating them from network connections (air gap). By doing this, as well as storing backups offsite, we give ourselves a much better chance to protect our backups against ransomware.

Develop and exercise incident response and recovery plans: 

  • Building a disaster recovery plan is the first step to success when facing cyber threats. It is recommended that MSPs maintain up-to-date hard copies of the plans to ensure that the responders can access them at all times. These plans should be tested and rehearsed frequently to ensure that in the event anything changes, the plan can be updated. 

Understand and proactively manage supply chain risk: 

Promote Transparency: 

  • As an MSP, setting expectations and defining responsibilities is extremely important when building a strong and successful partnership with your customers. Each party should always have a clear understanding of their responsibilities, especially from a cybersecurity standpoint. This means that when disaster strikes, everybody can act fast and knows exactly what to do and whom to contact for help.

Manage Account Authentication and Authorization: 

At ThreatLocker, our aim is to provide MSPs across the globe with a cybersecurity stack that will help keep their customers protected no matter what. Our team of dedicated Cyber Heroes has extensive knowledge in all areas of cybersecurity and is always on hand to answer any questions you may have.

About ThreatLocker

ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools for the Managed Services Provider (MSP) industry to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities.
