FBI, CISA, And NSA Warn Of Hackers Increasingly Targeting MSPs

By   ISBuzz Team
Writer , Information Security Buzz | May 12, 2022 06:15 am PST

A Joint Advisory released today by members of the Five Eyes intelligence alliance warned MSPs and their customers that they’re being targeted by supply chain attacks. Excerpts:

This joint Cybersecurity Advisory (CSA) provides actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data

Among many recommendations, the advisory recommends the following preventive measures ands provides links to resources.

  • Improve security of vulnerable devices
  • Protect internet-facing services
  • Defend against brute force and password spraying
  • Defend against phishing
  • Enable/improve monitoring and logging processes.
  • Enforce multifactor authentication (MFA).
  • Manage internal architecture risks and segregate internal networks.
  • Apply the principle of least privilege.
  • Deprecate obsolete accounts and infrastructure.