A warning from international cybersecurity agencies has urged IT service providers and their customers to take action to protect themselves from the threat of supply chain attacks.
Cyber security agencies warn that the Russian invasion of Ukraine has increased the risk of cyber attacks against organizations around the world. But they also suggest a number of measures that IT and cloud service providers, along with their customers, can take to protect networks from supply chain attacks, as attackers gain access to a company that provides software or services to many other businesses.
Jane Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said:
“We know that exploit-vulnerable MSPs greatly increase the bottom line risk for businesses and the organizations they support. Securing MSPs is critical to our collective cyber defense, and CISA and our joint and international partners are committed to enhancing their security and improving the resilience of our global supply chain.”
be seen: Successful cyber security strategy (ZDNet Special Report)
The warning comes from the UK’s National Cyber Security Center (NCSC), CISA, the Australian Center for Cyber Security (ACSC), the Canadian Center for Cyber Security (CCCS), and the New Zealand National Cyber Security Center (NZ NCSC), along with the National Security Agency. . (NSA), and the Federal Bureau of Investigation (FBI).
Steps that can be taken to prevent initial breaches include strengthening remote access VPN solutions, defending against strong-password brute force attacks by ensuring users use strong passwords, and ensuring that accounts are protected with multi-factor authentication.
Organizations must also ensure that they can defend against phishing attacks by providing the right tools to filter out spam emails, as well as educating employees on how to spot potentially malicious messages.
It’s also essential for organizations to monitor their networks and make sure logs are logged, as this can help detect and disable suspicious activity and prevent an accident in the first place—as well as being able to build a story about what happened if attackers compromise the network. It is recommended that logs be stored for at least six months, as it can take months for some cyber attacks to be detected.
Among other things, it is also recommended that IT vendors and their customers implement security updates as soon as possible, in order to prevent potential intruders from being able to exploit known vulnerabilities to gain access to the network.
It is also essential for suppliers and customers to be transparent about cyber risks and should clearly define who is responsible for securely managing systems. For example, a customer must fully understand that implementing security updates from a supplier is their responsibility and could be at risk of cyberattacks if they do not follow better patching procedures.
See: Cloud computing security: New guidelines aim to keep your data safe from cyberattacks and breaches
Not only is supply chain attacks a vital tool in the cyber campaigns of hostile countries, but it is also possible for cybercriminals to infiltrate supply chains for the purposes of ransomware and other malware attacks because they know that supply chains are a vital part of the business ecosystem.
“Managed service providers are vital for many businesses and, as a result, a prime target for malicious cyber actors,” said Abigail Bradshaw, chair of the Australian Cyber Security Centre.
“These actors use them as launching pads to infiltrate their customers’ networks, which we often see get compromised by ransomware attacks, business email hacks and other methods. Effective steps can be taken to strengthen their own networks and protect their customers’ information,” she added.
The advice was issued on the second day of the NCSC’s Cyber UK conference, where several dignitaries from cyber security agencies met to discuss the threat of global cyber threats.
“We are committed to strengthening the UK’s resilience even further, and our work with international partners is a vital part of that,” said NCSC Chief Executive Lindy Cameron.
“Our joint consultations with our international partners aim to increase organizations’ awareness of the increasing threat of supply chain attacks and the steps that can be taken to reduce their risks.”