[CDP-development] CISA - Cyber advisory, MSPs and customers urged to adopt a shared commitment to security and implement baseline measures and controls

Masse, Theresa theresa.masse at cisa.dhs.gov
Wed May 11 07:23:06 PDT 2022


FYSA



The Cybersecurity and Infrastructure Security Agency (CISA) announced a joint Cybersecurity Advisory<https://www.cisa.gov/uscert/ncas/alerts/aa22-131a> that urges managed service providers (MSPs) and customers to adopt a shared commitment to security and implement baseline measures and controls. Published in partnership with cybersecurity authorities of the United Kingdom<https://www.ncsc.gov.uk/>, Australia<https://www.cyber.gov.au/>, Canada<https://cyber.gc.ca/en/>, New Zealand<https://www.ncsc.govt.nz/>, Federal Bureau of Investigation (FBI<https://www.fbi.gov/investigate/cyber>), and National Security Agency (NSA<https://www.nsa.gov/Cybersecurity/>), with contributions from industry members of the Joint Cyber Defense Collaborative (JCDC)<https://www.cisa.gov/jcdc>, this advisory warns that malicious cyber actors continue to target MSPs, which is why organizations should implement the recommended actions, as appropriate for their unique environment and security needs, to strengthen protection of sensitive data and networks.



CISA, NCSC-UK, ACSC, CCCS, NZ-NCSC, NSA, and FBI expect malicious cyber actors, including state-sponsored advanced persistent threat (APT) groups, to continue their targeting of MSPs. Some tactical actions to improve security that MSPs and their customers can take today are:

  *   Identify and disable accounts that are no longer in use.
  *   Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
  *   Ensure MSP-customer contracts transparently identify ownership of ICT security roles and responsibilities.

The advisory provides several measures that organizations can take to reduce their risk of becoming a victim to malicious cyber activity. Additionally, MSP customers should verify their contractual arrangements with the provider include measures and controls in this advisory according to their security requirements, such as:

  *   Prevent initial compromise by implementing mitigation resources to protect initial compromise attack methods from vulnerable devices, internet-facing services, brute force and password spraying, and phishing.
  *   Enable monitoring and logging, including storage of most important logs for at least six months, and implement endpoint detection and network defense monitoring capabilities in addition to using application allowlisting/denylisting.
  *   Develop and exercise incident response and recovery plans, which should include roles and responsibilities for all organizational stakeholders, including executives, technical leads, and procurement officers.
  *   Understand and proactively manage supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources.



In addition to reviewing the advisory<https://www.cisa.gov/uscert/ncas/alerts/aa22-131a> for the complete list of recommended measures and controls, CISA reminds critical infrastructure executives and senior leaders to review our “Shields Up” webpage at www.cisa.gov/shields-up<http://www.cisa.gov/shields-up>.



Also, organizations should share information on incidents and unusual activity to CISA 24/7 Operations Center at report at cisa.gov<mailto:report at cisa.gov> or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch at fbi.gov<mailto:CyWatch at fbi.gov>.



We appreciate you sharing this information and/or amplifying with your cybersecurity community. CISA and other partners are posting information about our joint advisory on their social media platforms.



Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>
