Advanced Persistent Attack Against Managed Service Providers
U.S. Warns of New China Hacking Spree
At approximately 7pm EDT on October 3, 2018, the United States Computer Emergency Readiness Team (US-CERT) under the Department of Homeland Security issued Alert TA18-276B concerning advanced persistent threat activity exploiting managed service providers. A hacking group widely known as cloudhopper and linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients. Although Chinese authorities have repeatedly denied claims by cybersecurity firms that it supports hacking, Homeland Security issued the alert due to a surge in Chinese hacking amid the escalating trade war.
“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” DHS official Christopher Krebs said in a statement.
Wednesday’s alert provided advice on how U.S. firms can prevent, identify and remediate attacks by cloudhopper, which is also known as Red Leaves and APT10. The hacking group has largely targeted firms known as managed service providers, which provide technology services to business around the globe. Managed service providers (MSPs) are attractive targets because their networks provide routes for hackers to access sensitive systems of many customers with one successful attack.
Protect Your Business from Willful Neglect
Cybersecurity is about protecting your family/friends, staff, clients, and business partners from cybercrime. Unfortunately, most people assume their “IT guys” are licensed or bonded or something right? However, the Internal Revenue Service and Federal Trade Commission reports that less than 5% of managed service providers offer vetted IT support.
Until recently, the technology industry has been unregulated with only some manufacturer certifications but no other protection for the privacy and security of clients from fraud or theft of intellectual and real property. Vetted IT Support firms must meet 5 government and industry authority criteria:
- C Corporations with publicly listed ownership and board of directors at the state registered Secretary of State.
- Registered trademark value proposition and patented process or invention published at the United States Patent and Trademark Office.
- Highest manufacturer competency for the organization publicly listed at resources such as partnercenter.microsoft.com.
- Published authority with best-selling books in their field at Amazon, Ingram, NY Times, etc.
- Regulation Compliant Executive Summary Risk Assessment published on corporate website as required by corresponding manufacturer partner program such as Microsoft, Google, or Amazon.
Current initiatives for most MSPs include implementing risk exams, multi-factor authentication, conditional access by country/location, and advanced auditing. We encourage you to download our Definitive Trusted Advisor Guide and schedule a free consult if your MSP is not vetted.