Hackers using MSPs as staging ground to launch ransomware attacks: US Secret Service

The U.S. Secret Service has warned private and government organisations that hackers are targeting Managed Service Providers (MSPs) and are using them as staging grounds for ransomware attacks and to carry out BEC scams.

Ransomware attacks targeting government and private organisations in the U.S. and the EMEA region have seen a steep rise over the past few months, shutting operations, impacting productivity, and forcing organisations to pay hackers millions of pounds to recover their files.

Just a few weeks ago, the University of California San Francisco (UCSF) paid approximately $1.14 million to a hacker group called Netwalker in ransom after the group encrypted servers associated with the university's School of Medicine.

A new report from ZDNet has now revealed that the U.S. Secret Service sent out a security alert to private and government organisations in the U.S., warning them that hackers are targeting Managed Service Providers (MSPs) and are using their shared networks with larger corporations to infiltrate malware and to carry out BEC scams.

One vulnerable MSP can compromise the security of multiple organisations

Secret Service warned that since MSPs service a large number of organisations at the same time through remote administration tools, cyber criminals are specifically targeting MSPs to conduct their attacks at scale to infect multiple companies through the same vector.

"MSPs utilise multiple open source and enterprise software applications in the facilitation of remote administration. In the event of an MSP compromise, these applications are often used by bad actors to access their customers' networks and conduct attacks.

"Cyber criminals are leveraging compromised MSPs to conduct a variety of attacks including point-of-sale intrusions, business email compromise (BEC), and specifically ransomware attacks," the security alert read.

Secret Service added that in order to prevent bad actors from leveraging MSPs to conduct cyber attacks, organisations must audit service level agreements, audit remote administration tools deployed in their environments, enforce two-factor authentication for all remote logins, and restrict administrative access during remote logins.

At the same time, organisations must enforce least privilege for access to resources, utilise secure networks and system infrastructure capable of meeting security requirements, and should proactively conduct cyber training and education programmes for employees.

Organisations must re-think their third party risk management strategies to minimise exposure

Commenting on the security alert issued by the U.S. Secret Service, Dan Panesar, Director UK & Ireland at Securonix, said that the fact that MSPs are increasingly target by ransomware attacks and other exploits proves that security is not understood to the extent that it should be.

"Organisations that process sensitive information should prioritise security; this means increasing the budget for cybersecurity and conducting courses to educate employees about how to best protect delicate information. Even though it may seem expensive, it will be significantly cheaper than a data breach. It is important to remember that even though you rely on a MSP or MSSP, you are still culpable for the information that you own," he added.

"Attackers concentrate their malicious efforts on MSPs because they are now a low-hanging fruit. Worse, most of the successful intrusions are never detected or reported given that the attackers have strong incentives to conceal the breach that may otherwise trigger an investigation that may depreciate the value of stolen data or even bring a SWAT team to their homes," says Ilia Kolochenko, Founder & CEO ImmuniWeb.

"We will likely see a steady proliferation of well-thought-out attacks against MSPs, targeting their clients' data. Organizations should re-think their third party risk management strategies, making them adjustable and proportional to the risk on a case-per-case basis," he adds.

MORE ABOUT: