05 Dec Cyberattacks on IT Managed Service Providers (MSPs) directly affecting your businesses.
Cyberattacks on IT Managed Service Providers can directly affect your business
In the ever evolving landscape of cyber threats and attacks, business owners are increasingly finding themselves facing challenging cybersecurity threats, wherein cyber attackers infiltrate these businesses through IT Managed Service Providers (MSPs). These MSPs normally have privileged access to clients’ systems in order to resolve the clients’ IT related issues remotely – so attackers leverage this privilege to get their hands on sensitive data inside core systems.
In the past few days, in the UK, a major cyber attack on CTS, a top Managed Service Provider servicing mostly law firms and other organisations in the british legal sector, impacted numerous law firms causing disruptions in their operations due to service outages.
Attackers are changing their strategy. They are infiltrating and compromising MSPs, so as to gain a backdoor in multiple organisations, being serviced by MSPs. MSPs hold privileged admin-role access to their clientbase’s servers, systems and applications. This makes them an ideal target for cyber criminals seeking to exploit this trust to orchestrate significant and impactful attacks on the end client. In the past months a sharp rise was seen in ‘supply chain’ related players.
From information that made it to the press, the information shared so far related to the CRS incident, points to a ransomware attack. As reported by bleepingcomputer.com the attack is reported to have affected between 80 to 200 law firms, consequently leaving people unable to buy or sell properties due to outages.
How Cyber Attackers Exploit IT MSPs
MSPs are entrusted by their clients, with significant access privileges, in order to manage, maintain and service their IT infrastructure and systems. Once an MSP is compromised, the latter privileges become a powerful tool for cyber criminals to navigate through clients’ systems unnoticed. Since the MSP credentials are utilised, and it is common practice for MSPs to operate in the background, malicious activity may go undetected and unnoticed for an extended period of time. During these weeks or even months in some cases, attackers will gather intelligence which can subsequently be used in more sophisticated attacks such as phishing.
With privileged access to an organisation’ servers and systems, black hat hackers can exfiltrate sensitive data, compromise critical systems or in some cases launch ransomware attacks, causing extensive damage to your business.
Best Practices to Protect your business
When engaging an external IT MSP, carry out thorough due diligence. Vet them properly. Ensure they follow strict security procedures and that they follow robust security practices. Having stringent measures in place to safeguard against cyber threats is a must. On a regular basis, implement security audits and assessments to identify any possible vulnerabilities. Address any found vulnerabilities immediately. Create and regularly update an incident response plan that outlines the steps to be taken in case of a security breach.
This plan should involve your MSP to ensure a coordinated response. Cyber awareness training is of paramount importance. Educate your employees and recommend the same to your IT MSP, about the risks associated with phishing and social engineering, that are common tactics utilised by cyber attackers to gain access to systems as well.
Earlier this year the UK National Cyber Security Centre (NCSC) issued a warning whereby it explained the increased risk when using an IT MSP service, since the attack surface is largely increased. They went on to define MSPs as a “juicy target” for attackers as they manage the IT resources of substantial numbers of customers. This attacking trend is expected to continue and grow.
It is key to recognise that attackers are targeting MSPs to gain unauthorised access to businesses. Always be proactive and take preventive steps to secure your digital assets and mitigate risks posed by these sophisticated attacks. Knowledge and vigilance are crucial to safeguarding your business from potential disruptions.
Focusing on the Maltese business landscape, where practically 50,000 companies rely on sub-contracted IT MSPs to manage their IT needs, it is paramount to sound the alarm about imminent risk. Unfortunately MSPs, in Malta, are becoming the gateway that cyber attackers are starting to exploit to infiltrate and compromise entire IT systems. Prioritise cyber awareness education, conduct end-to-end assessments (including of your MSPs’ security measures) and finally implement stringent protocols to counteract cyber threats.
Book a vulnerability assessment today!