The Secret Service, the agency best known for protecting the President of the United States, has issued a statement drawing attention to compromised Managed Service Providers (MSPs), whose breached services and networks cause widespread problems. The conclusion comes out of investigations by the Secret Service, a federal law enforcement agency under the Department of Homeland Security. In its report, the Secret Service says that as the number of compromised service providers increases, so does the risk of new attack vectors being created. These attacks include scams that mimic corporate email, ransomware utilization, and point-of-sale (POS) intrusions.
Hacks date back to 2019
Two well-known ransomware gangs, REvil and GandCrab, began targeting Managed Service Providers in 2019 and then went on to target their customers directly, using the vulnerabilities they had found. Also in 2019, a report by threat intelligence company Armor disclosed that it had identified at least 13 such service providers that had themselves been hacked. Inevitably, their infrastructure was then abused to plant ransomware on their customers' networks.
ConnectWise, a well-known MSP vendor, was the target of such an attack in November 2019; attackers exploited its on-premises component, ConnectWise Automate, to infiltrate customers' internal networks. The company released an internal alert to warn customers about the breach before it patched the API vulnerability in that component.
NCCIC warned first
Authorities had warned about these kinds of threats even before the Secret Service released its bulletin. The first to warn about such threats, and about supposedly state-sponsored attacks on managed service providers, was the National Cybersecurity and Communications Integration Center (NCCIC), back in October 2018. That warning focused on Chinese hacking groups targeting cloud-based services to infiltrate their customers.