How to prevent and recover from an APT attack through a managed service provider

Threat actors are compromising their targeted victims through managed service providers (MSPs). These are the steps to take to minimize your exposure and to recover from these attacks if necessary.

What better way to enter a targeted system than through a firm that already has access to the target? The tactic is not new; attacking a target through its weakest link is a tried-and-true method. For this reason, managed service providers (MSPs), companies hired to manage the IT infrastructure of other firms, have become a popular point of entry into a targeted company. Attackers use targeted emails to gain access to the control systems of MSPs. Once inside, they use lateral movement or the MSP's administrative credentials to gain access to its customers' systems.

These attacks through MSPs are often classified as advanced persistent threats (APTs). The FBI recently released a document that warned MSPs of such targeted attacks. As noted in the document, “This group heavily targets managed service providers (MSPs) who provide cloud computing services, commercial and governmental clients of MSPs, as well as defense contractors and governmental entities. APT10 uses various techniques for initial compromise including spear phishing and malware. After initial compromise, this group seeks MSP administrative credentials to pivot between MSP cloud networks and customer systems to steal data and maintain persistence. This group has also used spear phishing to deliver malicious payloads and compromise victims.”

Take some time to review the document and determine whether you are at risk for similar attacks. FireEye also publishes information on APT groups. The goal of these groups is not to disrupt the attacked firm, but to infiltrate its systems silently and gather more information.

How to prevent attacks through an MSP

In response to global incidents of compromise through MSPs, the Australian Cyber Security Centre issued guidelines to help prevent such attacks. They include:
