Multiple security authorities from Australia and New Zealand as well as the U.S. issued a joint advisory on Wednesday warning about threats to managed service providers (MSPs) and their customers.
The key recommendations are to identify and disable accounts that have been closed, enforce multi-factor authentication (MFA) on MSP accounts that allow customers access, and ensure transparency regarding security roles and responsibilities.
MSPs are attractive targets because attackers can use them to reach their customers. A vulnerable provider can be used as an access vector to compromise several downstream customers simultaneously.
The spillover effects of such intrusions, as witnessed in the wake of high-profile breaches aimed at SolarWinds and Kaseya in recent years, have once again underlined the need to secure the software supply chain.
Malicious cyber actors target MSPs in an effort to “exploit provider-customer network trust relationships” for follow-on activity such as ransomware and cyber espionage against the provider as well as its customer base, the agencies cautioned.
The major security and operational measures outlined in this advisory are as follows:
- Prevent initial compromise by securing internet-facing devices and implementing protections against brute-forcing and phishing attacks
- Provide effective monitoring and logging of your systems
- Secure remote access applications and mandate MFA wherever possible
- Isolate critical business systems and apply appropriate network security safeguards
- Apply the principle of least privilege throughout the network environment
- Deprecate obsolete accounts through periodic audits
- Prioritize security updates for operating systems, applications, and firmware, and
- Regularly test and maintain offline backups to ensure incident recovery.
The Five Eyes alert arrives a week after the U.S. National Institute of Standards and Technology (NIST) published updated cybersecurity guidance for managing risks in the supply chain.
“MSPs should understand their own supply chain risk and manage the cascading risks it poses to customers,” the agencies said. Customers should be able to understand their supply chain risks, as well as those associated with subcontractors or third-party vendors.