Hackers are using tech services companies as a 'launchpad' for attacks on customers

Alert from international cybersecurity agencies urges IT service providers and their customers to protect networks from attack.
Written by Danny Palmer, Senior Writer

A warning from international cybersecurity agencies has urged IT service providers and their customers to take action to protect themselves from the threat of supply chain attacks.  

The cybersecurity agencies warn that Russia's invasion of Ukraine has increased the risk of cyberattacks against organisations around the world. But they also suggest a number of actions that IT and cloud service providers, along with their customers, can take to protect networks from supply chain attacks, where attackers gain access to a company that provides software or services to many other companies.

"As this advisory makes clear, malicious cyber actors continue to target managed service providers, which is why it's critical that MSPs and their customers take recommended actions to protect their networks," said Jen Easterly, director of US's Cybersecurity and Infrastructure Security Agency (CISA). 

"We know that MSPs that are vulnerable to exploitation significantly increases downstream risks to the businesses and organisations they support. Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain," she added. 

SEE: A winning strategy for cybersecurity (ZDNet special report)

The warning comes from the UK's National Cyber Security Centre (NCSC), CISA, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), along with the National Security Agency (NSA), and Federal Bureau of Investigation (FBI). 

Steps that can be taken to prevent initial compromise include hardening remote access VPN solutions and defending against brute force password-spraying attacks by ensuring users use strong passwords and ensuring that accounts are defended with multi-factor authentication.  

Organisations should also make sure they're able to defend against phishing attacks by having appropriate tools in place to filter out spam emails, as well as educating staff on how to detect potentially malicious messages. 

It's also vital for organisations to monitor their networks and ensure that that logging processes are recorded, as this can help to detect and disrupt suspicious activity and prevent an incident in the first place – as well as being able to build a story of what happened if attackers do breach the network. It's recommended that logs are stored for at least six months, because some cyberattacks can take months to detect

Among other things, it's also recommended that IT suppliers and their customers should apply security updates as soon as possible, in order to prevent potential intruders from being able to exploit known vulnerabilities to gain access to the network.  

It's also vital for suppliers and customers to be transparent about cyber risks and they should clearly define who is responsible for managing systems securely. For example, a customer should fully understand that applying security updates from a supplier is their responsibility and they could be at risk of cyberattacks if they don't follow best-patching procedures. 

SEE: Cloud computing security: New guidance aims to keep your data safe from cyberattacks and breaches

Not only are supply chain attacks a vital tool in cyber campaigns by hostile nation states, it's also possible for cyber criminals to breach supply chains for the purposes of ransomware and other malware attacks because they know supply chains are such a vital part of the business ecosystem. 

"Managed service providers are vital to many businesses and, as a result, a major target for malicious cyber actors," said Abigail Bradshaw, head of the Australian Cyber Security Centre. 

"These actors use them as launch pads to breach their customers' networks, which we see are often compromised through ransomware attacks, business email compromises and other methods. Effective steps can be taken to harden their own networks and to protect their client information," she added. 

The advice was issued on the second day of the NCSC's Cyber UK conference, where several senior figures from the cybersecurity agencies have met to discuss the threat of global cyber threats. 

"We are committed to further strengthening the UK's resilience, and our work with international partners is a vital part of that," said Lindy Cameron, CEO of the NCSC. 

"Our joint advisory with international partners is aimed at raising organisations' awareness of the growing threat of supply chain attacks and the steps they can take to reduce their risk." 


Editorial standards