MSP Security Insights from CISA

By Gary Audin

Everyone is concerned, threatened, and frightened about their IT and network resources being compromised. Every day, we learn about new threats to SMBs, enterprises, MSPs, VARs, governments, and other organizations. The Cyber & Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, publishes guidance and recommendations relating to security issues.

CISA is the national risk advisor, working with partners to defend against threats and collaborating to create more secure and resilient infrastructure. The threats—digital and physical, man-made, technological, and natural—are becoming increasingly complex, and the threat actors have become more diverse. The CISA seeks to help organizations manage risk and increase resilience using all available resources.

The CISA has published “CISA Insights: Guidance for MSPs and Small and Mid-sized Businesses,” which provides mitigation and hardening guidance to help organizations strengthen their defenses against cyberattacks. Because many small and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, MSPs are an attractive target for malicious cyber actors. Compromises of MSPs can have worldwide effects and introduce significant risk to MSP customers.

This publication includes “Mitigations and Hardening Guidance for MSPs,” which provides the following guidance:

  • Apply the principle of least privilege to customer environments.
  • Ensure that log information is preserved, aggregated, and correlated to maximize detection capabilities.
  • Implement robust network- and host-based monitoring solutions.
  • Work with customers to ensure hosted infrastructure is monitored and maintained.
  • Manage customer data backups.

This is followed by “Mitigations and Hardening Guidance for Small and Mid-Sized Businesses,” which offers the following guidance:

  • Manage supply chain risks
  • Implement strong operational controls
  • Manage architecture risks
  • Manage authentication, authorization, and accounting procedure risks
  • Review contractual relationships with all service providers
  • Implement CISA’s Cyber Essentials to reduce your organization’s cyber risk

The final part provides a series of resources valuable for the MSP. The technical resources include more detailed information about hardening MSP and customer infrastructure in response to general and specific cyber threats, including websites and technical alerts.

For general incident response guidance, download the Joint Cybersecurity Advisory AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity. The CISA also offers a range of no-cost cyber hygiene services to help MSPs assess, identify, and reduce their threat exposure. Organizations of any size will find ways to reduce their risk and mitigate attack vectors.

A second CISA publication is “Top Routinely Exploited Vulnerabilities.” The CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory on vulnerabilities. It details the major vulnerabilities routinely exploited by malicious actors in 2020 and those being widely exploited thus far in 2021.

In 2020, cyber attackers exploited recently disclosed vulnerabilities to compromise unpatched systems. A majority of the top vulnerabilities targeted in 2020 were disclosed during the past two years. Cyber actor exploitation of recently disclosed 2020 software flaws probably stems from the expansion of remote work options because of the COVID-19 pandemic.

The most frequently targeted 2020 vulnerabilities affected remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020. The growth of remote work options challenged the ability of MSPs to conduct rigorous patch management.

A chart summarizes the CVEs encountered, listing the vendor, the Common Vulnerabilities and Exposures (CVE) identifier, and the type of CVE. In 2021, cyber actors continue to target vulnerabilities in perimeter-type devices. This publication recommends that MSPs prioritize patching for the following CVEs known to be exploited.

  • Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 
  • Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
  • Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
  • VMware: CVE-2021-21985
  • Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591

This publication provides detailed information about many of the CVEs mentioned. As of the publication of this blog, there are 157,742 CVEs listed.

For the latest information about the MSP cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more.




Edited by Erik Linask