The Cybersecurity Advisory will assist Managed Service Providers (MSPs) and their customers to strengthen their defences against state-sponsored advanced persistent threat (APT) groups and other malicious cyber actors who are expected to increase their targeting of IT service providers and their customer networks.
Along with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Advisory was issued in collaboration with the Canadian Centre for Cyber Security (CCCS), the United Kingdom National Cyber Security Centre (NCSC-UK), the New Zealand National Cyber Security Centre (NZ NCSC), the United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the US National Security Agency (NSA), and the US Federal Bureau of Investigation (FBI).
The joint advisory outlines cybersecurity best practices, enabling transparent discussions between MSPs and their customers on securing sensitive data. The advisory provides actions that organisations can take to reduce the risk of falling victim to malicious cyber activity. Additionally, MSP customers can ensure contractual arrangements specify that their MSP acts on measures and controls in the advisory, such as:
- Prevent initial compromise by implementing mitigation resources to protect against initial compromise attack methods involving vulnerable devices, internet-facing services, brute force and password spraying, and phishing.
- Enable monitoring and logging, including storage of the most important logs for at least six months, and implement endpoint detection and network defense monitoring capabilities in addition to using application allowlisting/denylisting.
- Secure remote access applications and enforce multifactor authentication (MFA) where possible to harden the infrastructure that enables access to networks and systems.
- Develop and exercise incident response and recovery plans, which should include roles and responsibilities for all organizational stakeholders, including executives, technical leads, and procurement officers.
- Understand and proactively manage supply chain risk across security, legal, and procurement groups, using risk assessments to identify and prioritize the allocation of resources.
“Managed Service Providers are vital to many businesses and as a result, a major target for malicious cyber actors,” said Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre. “These actors use them as launch pads to breach their customers’ networks, which we see are often compromised through ransomware attacks, business email compromises and other methods. Effective steps can be taken to harden their own networks and to protect their client information. We encourage all MSPs to review their cyber security practices and implement the mitigation strategies outlined in this Advisory.”
All organisations are encouraged to review the advisory for a complete list of recommended security measures and operational controls. Organisations should implement these guidelines in accordance with their specific security needs and in compliance with applicable regulations.
All Australians are urged to report cybercrime and cyber incidents to ReportCyber, or call the 24/7 cyber security hotline 1300 CYBER1 (1300 292 371).