The National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert via US-CERT warning information technology (IT) service providers around the globe of an ongoing campaign by advanced persistent threat (APT) actors trying to infiltrate their networks.
As detailed in the NCCIC alert, managed service providers (MSPs) and cloud service providers (CSPs) are being targeted by multiple APT actors, who attempt to infiltrate the providers' networks and then exploit the trust relationships those providers hold with their customers.
MSPs are organizations that remotely manage systems and IT services for their customers, typically at a lower cost than the customers could achieve by running those services with their own staff.
Because most IT service providers hold direct access to their customers' networks, an APT actor who successfully compromises an MSP's network can reach every one of its clients, potentially causing data and monetary losses across all of them.
APT actors known to have taken part in attacks targeting MSPs were also behind cyber incidents affecting a diverse array of U.S. critical infrastructure sectors, including Energy, Information Technology (IT), Communications, Healthcare and Public Health, and Critical Manufacturing.
Rigorous credential control and multi-factor authentication among the mitigation measures MSPs can use to protect against attacks
The attackers use a combination of legitimate credentials, trusted applications, and pre-installed system tools to move through the target organization's network, which lets their activity blend in with normal administrative traffic throughout the attack.
Furthermore, when threat actors obtain legitimate credentials, they can also use them to maintain persistence on the compromised systems and to evade detection tools, since the activity looks like routine use of valid accounts rather than malware.
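The living-off-the-land tradecraft described above, and the "rigorous credential control" the subheading refers to, can be turned into a concrete detection: audit every logon and process start by the accounts an MSP has been delegated, and flag anything outside the agreed source hosts and maintenance window. The following Python is an added example written for this article, not code from NCCIC or from the alert; the account names, the jump-host address range, the maintenance window and the Windows-style log records are all constructed assumptions.

```python
"""Flag suspicious use of MSP-delegated accounts in Windows security events.

Added example for this article; it is not code from the NCCIC alert. The
account names, jump-host network, maintenance window and log records below
are all constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Accounts the MSP is permitted to use in our environment (assumed).
MSP_ACCOUNTS = {"svc-msp-admin", "msp-helpdesk"}
# Address range the MSP has agreed to connect from (assumed, RFC 5737 space).
MSP_JUMP_NETS = [ip_network("203.0.113.0/28")]
# Agreed maintenance window, local time; assumed not to cross midnight.
MAINT_START, MAINT_END = time(1, 0), time(5, 0)
# Pre-installed tooling that an intruder holding valid credentials tends to
# rely on instead of custom malware.
WATCHED_TOOLS = {"powershell.exe", "wmic.exe", "psexec.exe", "cmd.exe", "net.exe"}


@dataclass
class Event:
    ts: datetime
    event_id: int        # 4624 = successful logon, 4688 = process creation
    account: str
    src_ip: str = ""     # 4624 only
    logon_type: int = 0  # 4624 only: 3 = network, 10 = RemoteInteractive
    process: str = ""    # 4688 only: image name


def in_maintenance_window(ts: datetime) -> bool:
    return MAINT_START <= ts.time() < MAINT_END


def from_jump_host(src_ip: str) -> bool:
    try:
        addr = ip_address(src_ip)
    except ValueError:       # empty or malformed address: treat as unknown
        return False
    return any(addr in net for net in MSP_JUMP_NETS)


def check_msp_activity(events: list[Event]) -> list[str]:
    """Return one finding per policy violation by a delegated MSP account."""
    findings = []
    for e in events:
        if e.account.lower() not in MSP_ACCOUNTS:
            continue  # only the MSP's delegated accounts are in scope here
        when = e.ts.strftime("%Y-%m-%d %H:%M")
        if e.event_id == 4624:
            if not from_jump_host(e.src_ip):
                findings.append(f"{when} {e.account}: logon (type {e.logon_type}) "
                                f"from non-jump-host {e.src_ip}")
            if not in_maintenance_window(e.ts):
                findings.append(f"{when} {e.account}: logon outside maintenance window")
        elif e.event_id == 4688:
            if e.process.lower() in WATCHED_TOOLS and not in_maintenance_window(e.ts):
                findings.append(f"{when} {e.account}: ran {e.process} "
                                f"outside maintenance window")
    return findings


# Constructed sample: one routine MSP session, one intruder using the same
# account from elsewhere, and an unrelated local user that must be ignored.
SAMPLE_EVENTS = [
    Event(datetime(2018, 10, 3, 2, 15), 4624, "svc-msp-admin", "203.0.113.5", 10),
    Event(datetime(2018, 10, 3, 2, 16), 4688, "svc-msp-admin", process="powershell.exe"),
    Event(datetime(2018, 10, 3, 14, 30), 4624, "svc-msp-admin", "198.51.100.7", 3),
    Event(datetime(2018, 10, 3, 14, 31), 4688, "svc-msp-admin", process="wmic.exe"),
    Event(datetime(2018, 10, 3, 14, 32), 4624, "jdoe", "10.0.0.23", 2),
]

if __name__ == "__main__":
    for line in check_msp_activity(SAMPLE_EVENTS):
        print(line)
```

Run against the constructed sample, the routine 02:15 session produces nothing, while the afternoon logon from an address outside the agreed range and the `wmic.exe` launch that follows it each raise a finding. The point is that no signature is involved: the account, the tool and the traffic are all legitimate, so the only thing a defender can key on is deviation from the narrowly scoped access the MSP was actually granted. In production the events would come from a SIEM or the Security event log rather than an in-memory list, and the rules would usually be paired with a hard control such as restricting the MSP accounts to the jump hosts at the network or policy level.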
Once an MSP's network is infiltrated, the attackers' actions can have a severe impact: loss of sensitive information, disruption of regular operations, financial damage from data restoration costs, and reputational harm if the successful attack becomes public knowledge.
MSPs and CSPs targeted by APT actors can use a wide range of protection and detection measures to reduce the risk of their networks being compromised; the full list is available in NCCIC's alert TA18-276A, "Using Rigorous Credential Control to Mitigate Trusted Network Exploitation".