It has been reported the US Secret Service sent out a security alert last month to the US private sector and government organisations warning about an increase in hacks of managed service providers (MSPs). In a security alert sent out on June 12, Secret Service officials said their investigations team (GIOC — Global Investigations Operations Center) has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers.
MSP’s are at the forefront in a battle between attackers and their customers. While the end customer has historically been seen as easier prey compared to the relatively hardened target that is an MSP, the potential for mass mayhem is far greater if an MSP drops their guard. Up to date patches and security measures are critical but diligence in password management is a low effort, high impact activity. In that vein we hold regular briefings with our partners outlining the latest Business Email Compromise attacks and provide free security auditing tools to our partner community in the hopes of building awareness around proper password hygiene.