CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers.
The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity against managed service providers (MSPs). Allied cybersecurity authorities expect state-sponsored cyber actors to increase their targeting of MSPs in an attempt to exploit provider-customer trust relationships. This advisory includes security guidance tailored for both MSPs and their customers.
AA22-131A Alert, Technical Details, and Mitigations
Technical Approaches to Uncovering and Remediating Malicious Activity
Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses
APTs Targeting IT Service Provider Customers
ACSC's Managed Service Providers: How to manage risk to customer networks
Global Targeting of Enterprise Managed Service Providers
Cyber Security Considerations for Consumers of Managed Services
How to Manage Your Security When Engaging a Managed Service Provider
Kaseya Ransomware Attack: Guidance for Affected MSPs and their Customers
Baseline Cyber Security Controls for Small and Medium Organizations
Actions to take when the cyber threat is heightened
Top 10 IT Security Action Items to Protect Internet Connected Networks and Information
CCCS's Alert: Malicious Cyber Activity Targeting Managed Service Providers
CISA Cybersecurity Alert: APT Activity Exploiting MSPs (2018)
CISA Cyber Essentials and CISA Cyber Resource Hub
Improving Cybersecurity of Managed Service Providers
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at email@example.com or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.