Cybersecurity firm ThreatLocker and several national cybersecurity authorities are warning of an increase in attacks against managed service providers (MSPs). The US Cybersecurity & Infrastructure Security Agency (CISA) notes that this trend of targeting MSPs is expected to continue.
Managed Service Providers and Customers Under Attack
ThreatLocker’s security alert indicates that there has recently been “a large increase in attackers using remote management tools.” Managed service providers performing network administration and security, backups, and IT support can unwittingly put themselves and their customers at risk when those tools are compromised. Remote monitoring and management (RMM) tools are being targeted by cybercriminals and threat actors, and government agencies are offering guidance.
Once compromised, RMM tools from vendors such as ConnectWise, Datto, and Kaseya can grant an attacker access to many more systems. Regardless of what tools an MSP uses to manage clients, CISA and the other authorities have some security recommendations.
Recommendations
- Prevent initial compromise by improving device security, protecting “Internet-facing services,” and defending against phishing attacks
- Enable or improve monitoring and logging processes, in particular storing the most important logs for at least six months, as it can take time for an incident to be detected
- Enforce multi-factor authentication (MFA)
- Apply updates regularly, as these often address security issues; managed service providers should be doing this for their own systems as well as their clients’
- Back up data and systems, including on external media and off-site
- Develop incident response and disaster recovery plans
Additional recommendations are listed in CISA’s alert. Everyone with a connection to and/or a presence on the Internet should be taking cybersecurity precautions. Even without an Internet connection, if you plug flash drives or other hardware into your computers, there’s some risk involved. Managed service providers like Microwize have the tools and the experience to monitor your network and mitigate any vulnerabilities. In the end, though, everyone needs to be vigilant and on the lookout for potential threats.