The US Secret Service has warned businesses in the country, both public and private, that hackers are increasingly attacking managed service providers (MSP).
ZDNet, which claims to have obtained a copy of the warning pushed mid-June this year, states that the organisation’s investigation team – Global Investigations Operations Centre (GIOC), spotted a spike in attacks against MSPs, which are then used as a stepping stone to reach their end customers.
If successful, the criminals will access the victims’ point of sale systems to perform email compromise scams (BEC), or to distribute malware.
This is not the first time a US government agency issued a warning like this. In late 2018, the National Cybersecurity and Communications Integration Centre (NCCIC) warned businesses of a hacking campaign carried out by state-sponsored hacking groups.
Back then, the targets were also managed service providers. More precisely – cloud-based service providers, who were allegedly being targeted by Chinese hacking groups.
This time around, however, we don’t know who is behind the attacks, or whether or not it is a state-sponsored campaign. The Secret Service’s warning also lists best practices MSPs should implement in order to protect both themselves, and their customers.