The US Secret Service sent out a security alert last month to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).
WHAT ARE MSPs?
A managed service provider (MSP) delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center.
MSPs may deliver their own native services in conjunction with other providers’ services (for example, a security MSP providing sys admin on top of a third-party cloud IaaS).
U.S. SECRET SERVICE SENT OUT AN ALERT
In a security alert sent out on June 12, Secret Service officials said their investigations team has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers.
Secret Service officials said they’ve been seeing threat actors use hacked MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy ransomware.
THIS IS NOT THE FIRST ALERT
The Secret Service alert is actually the second security alert that US authorities have sent out about attacks on MSPs. The National Cybersecurity and Communications Integration Center (NCCIC) sent out the first one in October 2018, when it warned of ongoing attempts by state-sponsored hacking groups to breach MSPs, especially cloud-based service providers.
This first alert was sent out at a time when Chinese hacking groups had been focusing on breaching cloud-based managed providers as a way to compromise larger companies through their software supply chain. This time around, the Secret Service is warning of similar attacks, but carried out by day-to-day cybercrime gangs rather than state-sponsored hackers.