US Secret Service reports an increase in hacked managed service providers (MSPs)

US Secret Service

The US Secret Service sent out a security alert last month to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).

MSPs provide remote management software for companies. MSPs can be simple services like file-sharing systems to complete solutions that manage a customer’s entire computer fleet.

Most MSP services are built around a server-client software architecture. The server part can be remotely hosted with the MSP inside a cloud infrastructure, or installed on-premise with the client. Usually, getting access to the server component of an MSP grants an attacker full control of all software clients.

Secret Service alert sent out last month

In a security alert sent out on June 12, Secret Service officials said their investigations team (GIOC — Global Investigations Operations Center) has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers.

Coinbase 2

Secret Service officials said they’ve been seeing threat actors use hacked MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy ransomware.

The alert, which ZDNet obtained a copy here, contains best practices to be implemented by MSPs and their respective customers.

Tens of MSP hacks in 2019

Attacks against MSPs have only recently made the headlines, with a surge in attacks in 2019, when ransomware gangs such as GandCrab or REvil (Sodinokibi) began targeting MSPs and then infect their customers.

In a report published in October 2019, threat intelligence firm Armor said it identified at least 13 MSPs that were hacked in 2019 and had their infrastructure abused to deploy ransomware on the networks of their customers.

In a phone call today with ZDNet, Kyle Hanslovan, CEO at Huntress Labs, said his company provided support in at least 63 incidents of MSP hacks in 2019 that resulted in ransomware on customer networks; however, Hanslovan suspects the number of total incidents to be well over 100 last year.

One of the largest MSP vendors on the market, ConnectWise, has had its products and services often targeted by hackers. In November 2019, ConnectWise sent out an internal alert to its customers about ransomware gangs exploiting improperly configured installations of its on-premise ConnectWise Automate product to breach customer networks and deploy file-encrypting payloads.

In June 2020, ConnectWise patched an Automate API vulnerability that hackers had also used to breach companies and deploy ransomware. ZDNet has been told that this vulnerability and the subsequent exploitation is what prompted the Secret Service to send out its alert.

The Secret Service alert is actually the second security alert that US authorities have sent out about attacks on MSPs. The National Cybersecurity and Communications Integration Center (NCCIC) sent out the first one in October 2018 when they warned of ongoing attempts from state-sponsored hacking groups to breach MSPs, and especially attacks targeting cloud-based service providers.

This first alert was sent out at a time when Chinese hacking groups had been focusing on breaching cloud-based managed providers as a way to compromise larger companies through their software supply chain. This time around, the Secret Service is warning of similar attacks, but carried out by day-to-day cybercrime gangs rather than state-sponsored hackers.

US Secret Service reports an increase in hacked managed service providers (MSPs) 1
blank
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

blank

E-Crypto News Executive Interviews


blank

bitcoin
Bitcoin (BTC) $ 37,561.00
ethereum
Ethereum (ETH) $ 2,567.48
tether
Tether (USDT) $ 0.999798
binance-coin
Binance Coin (BNB) $ 325.03
cardano
Cardano (ADA) $ 1.34
xrp
XRP (XRP) $ 0.706905
usd-coin
USD Coin (USDC) $ 0.998596
dogecoin
Dogecoin (DOGE) $ 0.195103
polkadot
Polkadot (DOT) $ 18.16
binance-usd
Binance USD (BUSD) $ 0.991362
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 37,561.00
ethereumEthereum (ETH)
$ 2,567.48
tetherTether (USDT)
$ 0.999798
bitcoin-cashBitcoin Cash (BCH)
$ 525.84
litecoinLitecoin (LTC)
$ 137.13
bitcoinBitcoin (BTC)
31.593,12
ethereumEthereum (ETH)
2.159,55
tetherTether (USDT)
0,840945
bitcoin-cashBitcoin Cash (BCH)
442,29
litecoinLitecoin (LTC)
115,34
bitcoinBitcoin (BTC)
26,960.72
ethereumEthereum (ETH)
1,842.90
tetherTether (USDT)
0.717640
bitcoin-cashBitcoin Cash (BCH)
377.44
litecoinLitecoin (LTC)
98.43

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

blank
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
blank
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020

Blockchain/Cryptocurrency Questions and Answers

Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021
blank
What Is Plethori Platform And How Does It Work?
June 12, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin37,897 0.54 % 2.80 % 5.33 %
Ethereum2,617.1 0.75 % 0.93 % 13.80 %
Tether1.000 0.30 % 0.46 % 0.52 %
Binance Coin327.49 0.19 % 1.04 % 4.39 %
Cardano1.360 0.13 % 0.85 % 5.75 %
XRP0.7135 0.18 % 0.90 % 1.49 %
USD Coin1.000 0.12 % 0.25 % 0.16 %
Dogecoin0.1970 0.12 % 1.44 % 5.50 %
Polkadot18.41 0.32 % 0.82 % 26.56 %
Binance USD0.9997 0.08 % 1.05 % 0.16 %

bitcoin
Bitcoin (BTC) $ 37,561.00
ethereum
Ethereum (ETH) $ 2,567.48
tether
Tether (USDT) $ 0.999798
binance-coin
Binance Coin (BNB) $ 325.03
cardano
Cardano (ADA) $ 1.34
xrp
XRP (XRP) $ 0.706905
usd-coin
USD Coin (USDC) $ 0.998596
dogecoin
Dogecoin (DOGE) $ 0.195103
polkadot
Polkadot (DOT) $ 18.16
binance-usd
Binance USD (BUSD) $ 0.991362