What is the Issue?

The National Cybersecurity and Communications Integration Center (NCCIC) has identified ongoing attempts by APT (advanced persistent threat) actors to infiltrate the networks of managed service providers (MSPs). APT actors are leveraging legitimate credentials to exploit trusted network relationships, which allows them to access other trusted networks.

Why is this noteworthy?

MSPs provide remote management of their customers' IT systems and have direct access to their customers' networks, so a compromise in one part of an MSP's network can spread to all of its customers. Compromised MSP credentials can allow an attacker to move bidirectionally between an MSP and its customers' shared networks.

What is the exposure or risk?

A successful network intrusion can have severe impacts on the affected organization. It can result in the loss of sensitive or proprietary information, financial losses from the breach, and potential harm to the organization's reputation.

What are the recommendations?

In accordance with NCCIC and the U.S. Government, SKOUT recommends that you review credential and privileged access management, as well as remote access control. We also recommend auditing legitimate remote access logs to verify whether the activity is authorized. If you use an MSP to provide a service, restricting its access to networks and systems deemed critical will contain an APT actor's movement. Restrict MSP accounts by time or date, and ensure MSP accounts are not assigned to administrator groups.
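
The log audit, time restriction and administrator-group checks recommended above can be scripted against exported logon records and group memberships. The following is an added example, not code from SKOUT, NCCIC or US-CERT; the account names, hosts, approved window and sample records are all constructed assumptions.

```python
from datetime import datetime

# Assumed policy (hypothetical values): when and where MSP accounts may log on.
MSP_ACCOUNTS = {"msp-tech1", "msp-tech2"}
ALLOWED_DAYS = {0, 1, 2, 3, 4}           # Monday-Friday
ALLOWED_HOURS = range(8, 18)             # 08:00-17:59 local time
ALLOWED_HOSTS = {"helpdesk-jump01"}      # the only host MSP staff should reach
ADMIN_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}

# Constructed sample data: (timestamp, account, destination host)
SAMPLE_LOGONS = [
    ("2018-10-03 10:15:00", "msp-tech1", "helpdesk-jump01"),
    ("2018-10-06 02:40:00", "msp-tech1", "helpdesk-jump01"),   # Saturday night
    ("2018-10-04 11:05:00", "msp-tech2", "finance-db01"),      # critical system
    ("2018-10-04 23:30:00", "alice", "finance-db01"),          # not an MSP account
]
# Constructed group membership export: account -> groups
SAMPLE_GROUPS = {
    "msp-tech1": {"Remote Desktop Users"},
    "msp-tech2": {"Remote Desktop Users", "Domain Admins"},
}

def audit_logons(logons):
    """Return (timestamp, account, host, reasons) for MSP logons that break policy."""
    findings = []
    for ts, account, host in logons:
        if account not in MSP_ACCOUNTS:
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        reasons = []
        if when.weekday() not in ALLOWED_DAYS or when.hour not in ALLOWED_HOURS:
            reasons.append("outside approved window")
        if host not in ALLOWED_HOSTS:
            reasons.append("host not approved for MSP access")
        if reasons:
            findings.append((ts, account, host, reasons))
    return findings

def audit_groups(groups):
    """Return MSP accounts that hold membership in an administrator group."""
    return {a: sorted(g & ADMIN_GROUPS) for a, g in groups.items()
            if a in MSP_ACCOUNTS and g & ADMIN_GROUPS}

if __name__ == "__main__":
    for finding in audit_logons(SAMPLE_LOGONS):
        print("LOGON", finding)
    for account, admin in audit_groups(SAMPLE_GROUPS).items():
        print("GROUP", account, admin)
```
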

References:

For more in-depth information about the recommendations, please visit the following links at US-CERT:
  1. https://www.us-cert.gov/ncas/alerts/TA18-276B
  2. https://www.us-cert.gov/ncas/alerts/TA18-276A

Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.
