Homeland Security warning: Hackers targeting MSPs

This week, the Department of Homeland Security issued a warning that advanced persistent threat (APT) actors are targeting managed service providers (MSPs) and cloud service providers (CSPs). IT service providers make attractive targets for cybercriminals due to the access they have to their customers’ networks and for the sensitive customer data that they may have stored on their own networks.

In the memo, the National Cybersecurity & Communications Integration Center (NCCIC) notes: “By servicing a large number of customers, IT service providers can achieve significant economies of scale. However, a compromise in one part of an IT service provider’s network can have globally cascading effects, impacting other customers and introducing significant risk.”

According to NCCIC, this activity by APT actors had been ongoing since at least 2016 using a variety of tactics. Research shows a spike in attacks targeting service providers in 2018. Trustwave, a managed security service provider, released a report in April showing that service providers now account for just over 9 percent of all the cyberattacks the firm tracks annually, up from nearly zero in 2017.

Consequences of a successful attack on an MSP

Because MSPs can have hundreds of customers, one successful breach or phishing attack can have serious consequences. For example, the Australian Cyber Security Centre’s 2017 Threat Report highlighted a multinational construction services firm that fell victim to a malware attack via an MSP account and ended up being defrauded out of $500,000.

The report explains: “The example highlights the risk that companies can be compromised through their service provider, without either the company or provider knowing. It also demonstrates the types of risks that organizations face when they outsource certain activities, or when they outsource with little consideration to security. When MSPs give other organizations access to their network, it can be exposed to that organization’s security posture — which effectively increases their own risk.”

Defending MSPs against attack

Although APT actors are highly sophisticated and use a wide variety of techniques, they often use relatively simple attacks that can be caught if service providers have effective email security measures in place, such as Barracuda Essentials. Spear phishing is a popular tool for these groups, and a solution like Barracuda Sentinel, which provides A.I.-based protection from spear phishing and account takeover, can guard against this type of threat.

The lesson for MSPs and CSPs is to practice what you preach and make sure you use the same layered approach to email security that you recommend to your customers. You should also make sure your team gets regular, ongoing training to help them recognize phishing emails and potential threats.

Service providers should also implement multi-factor authentication, review their approach to privileged accounts, and have measures in place to control access for employees, customers, and vendors. It’s also important to have a real-time view into what’s happening on cloud deployments and virtual machines so your team can respond quickly to any unusual activity.

NCCIC recommends that MSPs, CSPs, and their customers have a defense-in-depth strategy in place to protect their infrastructure and increase the likelihood of successfully disrupting APT activity. As a service provider, it’s time to review your security strategy and make sure you’ve taken sufficient measures to protect your business, and ultimately, your customers.

For information on Barracuda MSP Solutions, visit www.barracudamsp.com


