As Homeland Security Calls Out ‘Advanced Persistent Threat Activity Exploiting MSPs,’ Infinitely Virtual CEO Cautions SMBs

In yet another warning shot aimed at alerting SMBs of stealth IT risks, the Department of Homeland Security has identified Managed Service Provider software as a security threat – one Adam Stern, CEO of cloud hosting pioneer Infinitely Virtual, says small and midsize businesses need to take steps to avoid.

An October 3 bulletin from the United States Computer Emergency Readiness Team (US-CERT) within DHS — “Advanced Persistent Threat Activity (APT) Exploiting MSPs” – describes “ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs).”  The National Cybersecurity and Communications Integration Center (NCCIC), a unit of US-CERT, indicated that it was responding to the growing trend of MSPs offering remote management of customer IT and end-user systems.

“When you unpack what DHS is saying – that going with an MSP over other cloud arrangements introduces unnecessary vulnerability –it’s increasingly clear that that path isn’t consistent with IT or business best practices,” Stern said.  “Indeed, entrusting a Managed Service Provider in place of an all-in-one cloud product can actually endanger the unwary SMB.  Those perpetrating cyberattacks and the like – the so-called ‘APT actors’ – are savvy enough to know how to exploit the fissures in the MSP model.”

According to US-CERT, the number of organizations using MSPs has grown significantly in recent years because MSPs enable their customers to scale and support their network environments at a lower cost than financing these resources internally.  “MSPs generally have direct and unfettered access to their customers’ networks, and may store customer data on their own internal infrastructure,” the agency noted. “By servicing a large number of customers, MSPs can achieve significant economies of scale.  However, a compromise in one part of an MSP’s network can spread globally, affecting other customers and introducing risk.”

Continuing, US-CERT wrote: “Using an MSP significantly increases an organization’s virtual enterprise infrastructure footprint and its number of privileged accounts, creating a larger attack surface for cyber criminals and nation-state actors.  By using compromised legitimate MSP credentials (e.g., administration, domain, user), APT actors can move bidirectionally between an MSP and its customers’ shared networks. Bidirectional movement between networks allows APT actors to easily obfuscate detection measures and maintain a presence on victims’ networks.

“APT actors use a range of ‘living off the land’ techniques to maintain anonymity while conducting their attacks,” the agency said. “These techniques include using legitimate credentials and trusted off-the-shelf applications and pre-installed system tools present in MSP customer networks.”

Since May 2016, APT actors employed a variety of tactics, techniques, and procedures aimed at cyber espionage and intellectual property theft.  APT actors have targeted organizations across the spectrum of U.S. critical infrastructure sectors, including IT, energy, healthcare and public health, communications and manufacturing.

To speak with Adam Stern, please email: admin@edgecommunicationsinc.com.

About Infinitely Virtual

The World’s Most Advanced Hosting Environment

Infinitely Virtual is a leading provider of high quality and affordable Cloud Server technology, capable of delivering services to any type of business, via terminal servers, SharePoint servers and SQL servers – all based on Cloud Servers. Ranked #28th on the Talkin’ Cloud 100 roster of premier hosting providers, Infinitely Virtual has earned the highest rating of ”Enterprise-Ready™” in Skyhigh Networks’ CloudTrust™ Program for four of its offerings — Cloud Server Hosting, InfiniteVault, InfiniteProtect and Virtual Terminal Server. The company recently took the #1 spot in HostReview’s Ranking of VPS hosting providers. Founder and CEO Adam Stern is a member of the Forbes Technology Council. Infinitely Virtual was established as a subsidiary of Altay Corporation, and through this partnership, the company provides customers with expert 24×7 technical support. More information about Infinitely Virtual can be found at: https://www.infinitelyvirtual.com, @iv_cloudhosting, or call 866-257-8455.