Wednesday October 3rd 12:30pm PST – U.S. Department of Homeland Security (DHS) is advising MSPs (managed services providers) and CSPs (cloud services providers) about advanced persistent threat (APT) actors “actively exploiting trust relationships in information technology (IT) service provider networks around the world.”
The announcement of the Department of Homeland Security warning is here.
Further details:
APT actors are trying to obtain legitimate user credentials, which they hope to use to exploit networks, expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Administrators are advised to audit credentials and remote-access logs, and to control privileged access and remote access.
Potential targets include parent companies, connected partners, or managed service providers (MSP). APT actors, appearing as authorized users, are leveraging legitimate credentials to exploit trusted network relationships. This allows APT actors to access other devices and other trusted networks. Such intrusions offer a high level of persistence and stealth.
Mitigation efforts, according to US-CERT, include “rigorous credential and privileged-access management, as well as remote-access control, and audits of legitimate remote-access logs.” However, they state “there is no single proven threat response.”
At Shield we can help you close holes in security through a full audit of hackable vulnerabilities within your networks and by stopping malware before it enters your network. We can also protect your data from theft with our Secure Data Exchange platform, and extend defences to mobile users.
Sources:
“The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.” More…
“The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.” More…
We will provide more details as we get them.
Please contact us today to arrange a free network security assessment. Plug holes before hackers find them! We’d be happy to provide a demo of Shield-SDE as well.
+1.855.787.7253 | sales@shield4uc.com