The U.S. Secret Service issued a warning about an increase in hacks targeting managed service providers, or MSPs, that serve both the U.S. private sector and various government entities.
According to a document published by ZDNet on June 7, threat actors have been widely relying on ransomware attacks, point-of-sale intrusions, and business email compromise scams to breach the internal networks of MSP customers.
Remote management software under threat
MSPs provide enterprises with remote management software, including file-sharing systems for internal networks, which can also be hosted in cloud infrastructure.
U.S. Secret Service officials issued a warning, stating in part that:
“Due to the fact a single MSP can service a large number of customers, cybercriminals are specifically targeting these MSPs to conduct their attacks at scale to infect multiple companies through the same vector.”
Ransomware gangs target MSPs
In 2019, ransomware groups like GandCrab and REvil became known for targeting MSPs to deploy their attacks. Threat intelligence firm Armor reported that at least 13 MSPs were hacked in the same year.
This is the second alert from U.S. authorities about MSP-related vulnerabilities. The National Cybersecurity and Communications Integration Center, or NCCIC, also raised red flags over this issue in October 2018.
On May 27, Cointelegraph reported that the Blue Mockingbird malware gang infected more than 1,000 business systems with Monero (XMR) mining malware.