Best News Network

Beware of state actors stepping up attacks on managed service providers: Cyber agencies | ZDNet

harbour-msp-8.jpg

The agencies responsible for cybersecurity from the United States, United Kingdom, Australia, and Canada have issued a second alert this week, stating that attacks on managed service providers (MSP) are expected to increase.

The advisory states that if an attacker is able to compromise a service provider, then ransomware or espionage activity could be conducted throughout a provider’s infrastructure, and attack its customers.

“Whether the customer’s network environment is on premises or externally hosted, threat actors can use a vulnerable MSP as an initial access vector to multiple victim networks, with globally cascading effects,” the nations advised.

“NCSC-UK, ACSC, CCCS, CISA, NSA, and FBI expect malicious cyber actors — including state-sponsored advanced persistent threat groups — to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships.”

For the purposes of this advice, the MSP definition covers IaaS, PaaS, SaaS, process and support services, as well as cybersecurity services.

In pretty obvious advice, the initial recommendation is to not get compromised in the first place. Beyond that, users are advised to adopt familiar set of advice such as: Improve monitoring and logging, update software, have backups, use multi-factor authentication, segregate internal networks, use a least privilege approach, and remove old user accounts.

It is advised that users check contracts contain clauses to ensure MSPs have sufficient security controls in place.

“Customers should ensure that they have a thorough understanding of the security services their MSP is providing via the contractual arrangement and address any security requirements that fall outside the scope of the contract. Note: contracts should detail how and when MSPs notify the customer of an incident affecting the customer’s environment,” the advisory states.

“MSPs, when negotiating the terms of a contract with their customer, should provide clear explanations of the services the customer is purchasing, services the customer is not purchasing, and all contingencies for incident response and recovery.”

Related Coverage

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.