Recently, the Department of Homeland Security issued a warning that hackers are exploiting Cloud Service Provider (CSP) and Managed Service Provider (MSP) systems to reach end-client networks. This confirms small businesses are the new attack vector for cybercriminals, and alerts us to their inclination to infiltrate secure networks by exploiting vendor relationships. According to Continuum:
“Hackers are attacking MSPs, MSSPs, and CSPs as the weak link in a supply chain to get to their customers, exploiting the trusted relationship between provider and customer. The attacks occur by using compromised legitimate MSP credentials (e.g., administration, domain, user) and implanted malware on systems owned by the MSP, allowing remote access for the attacker while advanced persistent threat (APT) actors move laterally between an MSP and its customers’ shared networks. It’s this lateral movement between networks that lets APT actors easily evade detection measures and maintain a presence on the victims’ networks. The attacker could then launch attacks on the end-customer, using the MSP’s systems, so all the activity would appear to come from the MSP.”
We’re facing a very serious threat, and we’d like to pass on our advice on how to best mitigate it.
According to the alert, there are three key details that we should be aware of:
- The attacks utilize stolen credentials. This means multi-factor authentication is critical in securing end-clients. NSDS will continue to implement and stress this with our customers.
- Signature-based malware detection is insufficient in protecting against the initial infection. We encourage a robust variety of malware detection provisions, and can recommend and implement several for you.
- Because attackers used common admin tools to move laterally to end-customer networks, the need to layer additional security onto Remote Desktop Protocol, and to control it more tightly, is apparent. This includes strong authentication for remote connections. We will ensure that any clients utilizing RMM have the most secure authentication procedures in place.
Continuum issued strong recommendations that MSPs like North Shore Data Services evaluate how they connect to and oversee their customer networks. We are committed to advanced endpoint protection on all systems, and have isolated any others onto separate networks. We are also, per Continuum’s advice, leveraging DNS protection as a secondary line of defense, as well as ensuring multi-factor authentication for all remote access.
Lastly, the ability to detect threats and respond rapidly is paramount. We have an incident response protocol in place that we are prepared to deploy immediately, if necessary. We are proud to offer a multifaceted approach to security and are committed to adhering to and surpassing the most rigorous of threat protection recommendations.
If you’d like to learn more about current cyber threats, or discuss the ways North Shore can protect your data, please reach out to us at (978) 988-0201, or email us at email@example.com.