US Secret Service Reports an Increase in Hacked Managed Service Providers (zdnet.com)
The US Secret Service sent out a security alert last month to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs). From a report: MSPs provide remote management software for companies. MSPs can be simple services like file-sharing systems to complete solutions that manage a customer's entire computer fleet. Most MSP services are built around a server-client software architecture. The server part can be remotely hosted with the MSP inside a clout infrastructure, or installed on-premise with the client. Usually, getting access to the server component of an MSP grants an attacker full control of all software clients. In a security alert sent out on June 12, Secret Service officials said their investigations team (GIOC -- Global Investigations Operations Center) has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP's customers. Secret Service officials said they've been seeing threat actors use hacked MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy ransomware.
clout infrastructure (Score:1)
Re: clout infrastructure (Score:1)
or you can hack the HVAC subcontractor to get it (Score:2)
or you can hack the HVAC subcontractor to get it
Comment removed (Score:3)
Re: (Score:2)
In most states, haircuts are regulated more heavily than technology providers. In my state, there's no licensing process.
Re: (Score:2)
Oh, you think licenses are to protect the public. No, licenses are to create barriers to the marketplace or, in the case of haircutting, a training requirement that people have to go through ($$ to the haircut schools).
Re: (Score:2)
There really should be barriers to the marketplace, on anything where screwing up due to inexperience is a huge danger.
Re: (Score:2)
Some of these companies would benefit from complying with even obsolete standards. Just look at how often you find a company still using unsalted MD5 hashes for passwords. Or even plaintext passwords...or social security numbers.
If I need to have licensing then I want a union! (Score:2)
If I need to have licensing then I want a union!
Re: (Score:2)
Why is it that people would rather have a union than be self-employed?
Re: (Score:2)
But I really don't think the licensing should be at the individual level - just the business entity (sole proprietor or otherwise). As that's really what makes sense.
That's where the data is (Score:4, Insightful)
No shock. More and more companies are moving data to the "cloud". That makes "cloud" providers much more interesting to hackers, thieves, nation states, etc.
Re: (Score:2)
The cloud is just someone else's computer. And who owns that computer can change at a moment's notice.
This just in... (Score:2)
Things cloud are subject to hackers and hackers have been hacking. Be scared!
For real though, why isn't there ever anything specific mentioned, like oh I don't know, the actual fucking MSPs that have been compromised?
Re: (Score:3)
There is a link in the article to ~13 MSPs that were hacked in 2019.
Re: (Score:2)
You're correct. Please mod parent up.
Here's the list:
Apex Human Capital Management: Payroll services
CloudJumper: IT services
IT By Design: IT services
MetroList: Real estate brokers
CorVel: Work & healthcare
PM Consultants: Dental services
iNSYNQ: Accounting
TSM Consulting: IT services
PerCSoft
Any good tips? (Score:3)
Any good ideas on how to manage the threats for remote management tools, since the Secret Service “best practices” are pretty worthless? Our IT consultant uses TeamViewer for desktop support and server management. I can firewall it off with DPI, but that most likely will end up closing the barn door after the horses escaped. I haven’t found good ways to monitor the use either... and when computers are outside our network it would be easy enough for a more persistent/robust connection to be enabled.
Re: (Score:2)
For us, we keep control of the network (and phones) and the MSP deals with the Windows environment. It was the most practical approach on our end. They claim they use 2FA for all their tools, and are going to document everything for us... but I wonder how companies that don’t have any internal resources deal with it.
Our MSP seems to think a 2-day outage is not a big deal, unfortunately. Getting a higher level of service at the 50-person company level is hard though.
New gen Z term? (Score:2)
The server part can be remotely hosted with the MSP inside a clout infrastructure, or installed on-premise with the client.
It was only a matter of time
Who got hacked?! (Score:2)
The article says dozens of MSPs were hacked but the article doesn't say who and only provides a link to an older article of 13 hacks in 2019.
What's the point of this "news" if the one critical piece of information important to customers/users isn't there?
It's because of good marketing (Score:2)
A lot of MSPs are very good at marketing, but very bad at providing skilled IT professionals.
Many MSPs remind me of an old commercial that showed cell phone marketers climbing cell phone towers because the company only had marketers, but no cell service techs.