"U.S., Allies Warn of Rising Recent And Future Attacks on Managed Service Providers"
Cybersecurity authorities in the U.S., U.K., Australia, Canada, and New Zealand have recently released a joint advisory warning that they expect malicious cyber actors, including state-sponsored advanced persistent threat (APT) groups, to step up their targeting of managed service providers, and urged a renewed focus on cyber hygiene. Managed service providers (MSPs) manage and sometimes provide IT services for other entities, such as hosting or platform services, creating a situation where businesses and many governments have to trust that the MSP is secure. The advisory noted that whether the customer’s network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects. The authorities said they “are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.” The authorities warned that an attacker gaining access to an MSP can provide a ready vector to target that MSP’s customers for “follow-on activity such as ransomware and cyber espionage.” REvil, the Russia-based ransomware group, compromised as many as 50 MSPs in its July 2021 attack on IT tech management firm Kaseya, which enabled attacks on as many as 1,500 MSP clients.