What higher solution to enter a focused system than via a agency that already has entry to the focused agency. The tactic is just not new. In truth, attacking a goal via its weakest hyperlink is a tried and true methodology. For that reason, managed service suppliers (MSPs), firms which can be employed to handle the IT infrastructure of different corporations, have grow to be a well-liked level of assault for entry to a focused firm. Attackers use focused emails to entry the management techniques of MSPs. As soon as within the system, attackers use lateral motion or administrative credentials to realize entry into different techniques.
These assaults via MSPs are sometimes categorized as advanced persistent threats (APTs). The FBI just lately launched a document that warned MSPs of such targeted attacks. As famous within the doc, “This group closely targets managed service suppliers (MSPs) who present cloud computing companies, industrial and governmental purchasers of MSPs, in addition to protection contractors and governmental entities. APT10 makes use of varied methods for preliminary compromise together with spear phishing and malware. After preliminary compromise, this group seeks MSP administrative credentials to pivot between MSP cloud networks and buyer techniques to steal information and keep persistence. This group has additionally used spear phishing to ship malicious payloads and compromise victims.”
Take a while to overview the doc and decide in case you are in danger for comparable assaults. FireEye has data on APT groups. Their aim is to not disrupt the attacked agency, however to silently infiltrate techniques to realize extra data.
The right way to forestall assaults via an MSP
In response to international incidences of compromise via MSPs, the Australian Cyber Security Centre issued tips to assist forestall such assaults. They embody:
