Secret Service Alert Provides Cybersecurity Wake-Up Call for MSPs

MSPs have taken a closer look at their cybersecurity in response to a U.S. Secret Service alert of escalating attacks against the providers.

According to the Secret Service alert, a single MSP can service a large number of customers. Therefore cybercriminals are specifically targeting these MSPs to conduct their attacks at scale to infect multiple companies through the same vector, the agency said.

MSPs utilize multiple open source and enterprise software applications to facilitate remote administration, it said. In the event of an MSP compromise, bad actors often use these applications to access their customers’ networks and conduct attacks.

Cybercriminals are leveraging compromised MSPs to conduct a variety of attacks, the agency said. Those include point-of-sale intrusions, business email compromise (BEC) and specifically ransomware attacks.

The agency’s investigations team, the Global Investigations Operations Center, has been seeing an increase in incidents where hackers breach MSP solutions. And they use them as a springboard into the internal networks of the MSP’s customers.

MSPs Respond

Elon Grad is Platte River Networks‘ vice president of technology and innovation. He said as an MSP, “you’re a trusted advisor to your clients.”

Platte River Networks’ Elon Grad

“Maintaining cyber security practices at the highest standard are foundational to protecting your business and your clients,” he said. “We often make recommendation to our clients about improving their cyber security standards, but we also need to look internally and practice what we preach.”

Enterprise Networking Solutions (ENS-Inc) is a California-based MSP. Chad Hodges, it’s executive vice president, said in these “unprecedented times, security has become paramount.”

Enterprise Networking Solutions’ Chad Hodges

“With our nation’s workforce compelled to work from home and telework for the majority of the time, our enterprises are exposed to an attack surface that we have not seen on a global scale,” he said. “As MSPs, it has become important to make sure that any endpoints connecting to our environments are secure and protected. Our clients have been very receptive to our mutual efforts to ensure we limit the potential attack surface, and we appreciate their willingness to work with us as a provider of their critical services.”

The agency offers best practices for MSPs:

• Have a well-defined service level agreement (SLA).
• Ensure remote administration tools are patched and up to date.
• Enforce least privilege for access to resources.
• Have well-defined security controls that comply with end users’ regulatory compliance.
• Perform annual data audits.
• Take into consideration local, state and federal data compliance standards.
• Proactively conduct cyber training and education programs for employees.

Best practices for MSP customers include:

• Audit SLA.
• Audit remote administration tools used in your environment.
• Enforce two-factor authentication (2FA) for all remote logins.