Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

US Secret Service reports an increase in hacked managed service providers (MSPs)

July 7, 2020
in Internet Security
US Secret Service reports an increase in hacked managed service providers (MSPs)
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The US Secret Service sent out a security alert last month to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).

MSPs provide remote management software for companies. MSPs can be simple services like file-sharing systems to complete solutions that manage a customer’s entire computer fleet.

You might also like

Singapore eyes more cameras, technology to boost law enforcement

Free cybersecurity tool aims to help smaller businesses stay safer online

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

Most MSP services are built around a server-client software architecture. The server part can be remotely hosted with the MSP inside a cloud infrastructure, or installed on-premise with the client. Usually, getting access to the server component of an MSP grants an attacker full control of all software clients.

Secret Service alert sent out last month

In a security alert sent out on June 12, Secret Service officials said their investigations team (GIOC — Global Investigations Operations Center) has been seeing an increase in incidents where hackers breach MSP solutions and use them as a springboard into the internal networks of the MSP’s customers.

Secret Service officials said they’ve been seeing threat actors use hacked MSPs to carry out attacks against point-of-sale systems, to perform business email compromise (BEC) scams, and to deploy ransomware.

The alert, which ZDNet obtained a copy here, contains best practices to be implemented by MSPs and their respective customers.

Tens of MSP hacks in 2019

Attacks against MSPs have only recently made the headlines, with a surge in attacks in 2019, when ransomware gangs such as GandCrab or REvil (Sodinokibi) began targeting MSPs and then infect their customers.

In a report published in October 2019, threat intelligence firm Armor said it identified at least 13 MSPs that were hacked in 2019 and had their infrastructure abused to deploy ransomware on the networks of their customers.

In a phone call today with ZDNet, Kyle Hanslovan, CEO at Huntress Labs, said his company provided support in at least 63 incidents of MSP hacks in 2019 that resulted in ransomware on customer networks; however, Hanslovan suspects the number of total incidents to be well over 100 last year.

One of the largest MSP vendors on the market, ConnectWise, has had its products and services often targeted by hackers. In November 2019, ConnectWise sent out an internal alert to its customers about ransomware gangs exploiting improperly configured installations of its on-premise ConnectWise Automate product to breach customer networks and deploy file-encrypting payloads.

In June 2020, ConnectWise patched an Automate API vulnerability that hackers had also used to breach companies and deploy ransomware. ZDNet has been told that this vulnerability and the subsequent exploitation is what prompted the Secret Service to send out its alert.

The Secret Service alert is actually the second security alert that US authorities have sent out about attacks on MSPs. The National Cybersecurity and Communications Integration Center (NCCIC) sent out the first one in October 2018 when they warned of ongoing attempts from state-sponsored hacking groups to breach MSPs, and especially attacks targeting cloud-based service providers.

This first alert was sent out at a time when Chinese hacking groups had been focusing on breaching cloud-based managed providers as a way to compromise larger companies through their software supply chain. This time around, the Secret Service is warning of similar attacks, but carried out by day-to-day cybercrime gangs rather than state-sponsored hackers.


Credit: Zdnet

Previous Post

Mangalore University College organizes webinar on Artificial Intelligence & Machine Learning

Next Post

How to Integrate AI into Drupal: 7 Drupal 8 AI Modules

Related Posts

Singapore eyes more cameras, technology to boost law enforcement
Internet Security

Singapore eyes more cameras, technology to boost law enforcement

March 2, 2021
Free cybersecurity tool aims to help smaller businesses stay safer online
Internet Security

Free cybersecurity tool aims to help smaller businesses stay safer online

March 2, 2021
Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit
Internet Security

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

March 1, 2021
These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
Next Post
How to Integrate AI into Drupal: 7 Drupal 8 AI Modules

How to Integrate AI into Drupal: 7 Drupal 8 AI Modules

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Singapore eyes more cameras, technology to boost law enforcement
Internet Security

Singapore eyes more cameras, technology to boost law enforcement

March 2, 2021
Why do companies fail to stop breaches despite soaring IT security investment?
Internet Privacy

Why do companies fail to stop breaches despite soaring IT security investment?

March 2, 2021
Tweaking Algorithmic Filtering to Combat Fake News
Data Science

Tweaking Algorithmic Filtering to Combat Fake News

March 2, 2021
Machine Learning Cuts Through the Noise of Quantum Computing
Machine Learning

Machine Learning Cuts Through the Noise of Quantum Computing

March 2, 2021
Google’s Tensorflow Certification & What I’ve Learned Since
Neural Networks

Google’s Tensorflow Certification & What I’ve Learned Since

March 2, 2021
Apple’s data-collection ‘nutrition labels’ for apps will begin appearing next week
Digital Marketing

Pinterest powers up creators during stressful times: Monday’s daily brief

March 2, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Singapore eyes more cameras, technology to boost law enforcement March 2, 2021
  • Why do companies fail to stop breaches despite soaring IT security investment? March 2, 2021
  • Tweaking Algorithmic Filtering to Combat Fake News March 2, 2021
  • Machine Learning Cuts Through the Noise of Quantum Computing March 2, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates