“Five Eyes” Nations Cybersecurity Authorities Issue Warning to MSPs of Stepped-Up Cyberattacks

Stu Sjouwerman | Jun 7, 2022

“Five Eyes” Nations Cybersecurity Authorities Issue Warning to MSPs of Stepped-Up CyberattacksThe world’s five leading cybersecurity authorities have again issued a joint report about an increase in malicious cyber activity targeting managed service providers they expect to continue.

If you’re not familiar with the “Five Eyes”, it’s a term used to reference the cybersecurity agencies in the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA, NSA, and FBI). These agencies have independently issuing warnings over the last few years, but it’s only now that the problem of cybercriminals attacking managed service providers (MSP) has become a problem.

Much like the increases in supply chain attacks that have been observed over the last 2 years, MSPs serve the same purpose to a cybercriminal – providing elevated access to a multitude of customers by attacking the one MSP.

In the “Five Eyes” joint report, several recommendations are made:

  • Improve the security of vulnerable devices including vulnerability management for all devices, with special focus on VPN solutions that provide external access.
  • Protect internet-facing services with particular focus on protecting against credential stuffing.
  • Defend against brute force and password spraying where pwned or compromised credentials can be used to attempt to gain access to MSP resources or networks.
  • Defend against phishing by using Security Awareness Training to educate users on how phishing attacks work, as well as phishing testing as a feedback loop to understand which users in your environment pose the greatest risk (and need more training).

Build Your Custom Security Awareness Program in 5 Minutes

Many IT and security professionals struggle to build a security culture program that actually changes behavior. Answer seven quick questions about your organization’s goals, compliance needs, and culture to automatically generate a customized roadmap based on industry best practices, complete with actionable tasks and a scheduling calendar.

Create Your Free ASAP Roadmap

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.