
Cybersecurity agencies in the United States, United Kingdom, Australia and Canada issued their second alert this week, stating that attacks on managed service providers (MSPs) are expected to increase.
The advisory states that if an attacker compromises a service provider, ransomware or espionage could be carried out across the provider’s infrastructure and against its customers.
“Whether the customer’s network environment is on-premises or hosted externally, an attacker could use the vulnerable MSP as an initial access vector to multiple victim networks, resulting in a global cascading effect,” the countries advised.
“NCSC-UK, ACSC, CCCS, CISA, NSA, and the FBI allow malicious cyber attackers (including highly state-sponsored persistent threat groups) to abuse the trusting relationships between providers and customers’ networks. We look forward to strengthening the MSP’s target in our efforts.”
For the purposes of this advisory, the MSP definition covers IaaS, PaaS, SaaS, process and support services, and cyber security services.
The advice is fairly straightforward: the first recommendation is to avoid being compromised in the first place. Beyond that, the advisory recommends a set of familiar measures: improved monitoring and logging, software updates, backup creation, use of multi-factor authentication, internal network isolation, a least-privilege approach, and deletion of old user accounts.
Users are encouraged to make sure their contracts contain clauses ensuring that the MSP has adequate security controls in place.
“Customers must fully understand the security services that the MSP provides through contractual arrangements and address security requirements outside the scope of the contract. Note: The contract needs to elaborate on when and how the MSP notifies the customer of incidents that affect the customer’s environment.”
“When negotiating terms and conditions with a customer, the MSP needs to be clear about the services that the customer is purchasing, the services that the customer is not purchasing, and all contingencies for incident response and recovery.”